M&A Cybersecurity and Compliance Analyst

Are you passionate about cybersecurity, risk & compliance?

Are you passionate about being part of a successful team?

Join us!

A leader in the Energy Technology Industry, Baker Hughes offers opportunities for qualified people who want to grow in our high-performance organization. Our leading technologies and our ability to apply them safely and effectively create value for our customers and shareholders.

Be part of our Digital Technology M&A team!

You will be supporting the HQ DT M&A team in planning and execution of the cybersecurity section of deals, and Regional Compliance and Risk Management. You will oversee the M&A and Cybersecurity and Risk function across different Baker Hughes business sites, presence and interests.

As a M&A Cybersecurity and Compliance Analyst, you will be responsible for:

• Supporting the DT M&A team during all phases of deals, with responsibilities including all timely due-diligence responses, integration and separation strategies and plans, service delivery execution and digital technology security implementation.
• Working with the Cybersecurity and CTO teams to execute the CSRC Service Delivery portions of integrations and carve-outs. This includes but is not limited to implementing cybersecurity controls, ensuring timely evaluation of incoming applications through security and architecture reviews, and supporting the DT deal team in a timely manner as required by business.
• Maintaining the CSRC service catalogue and working at a tactical level to manage all CSRC activities in a timely manner.
• Contributing technical expertise towards the development of M&A security strategic plans and roadmaps that are aligned to business strategies and requirements.
• Assisting in the maintenance of M&A playbooks based on company security standards, procedures, and best practices including account management, tenant management, information/IP protection management, proxy server management, security ingress/egress management, domain trusts posture, SSL/IPsec, security incident and event management (SIEM), data protection (DLP, encryption), and password/key management, vulnerability/threat assessment.
• Collaborating with security team members to develop all M&A security requirements for all hardware and software computing platforms, environments and solutions including developing and or modifying existing policies, procedures, hardening guides, based on best practices and standards to address M&A business strategies and requirements.
• Having knowledge of Regulatory Compliance requirements within the EU and targeted global countries (GDPR, NIS, Digital markets and services, European Cybersecurity act).
• Keeping up to date with changing European and other regional regulations, directives, and standards that impact IT operations, including data privacy, cybersecurity, and technology governance.
• Monitoring regulatory developments, assessing their impact on the company's IT practices, and ensuring proactive compliance.
• Working closely with the IT security team to ensure compliance with any applicable regional cybersecurity regulations (e.g., NIS Directive, EU Cybersecurity Act).
• Conducting regular IT compliance audits, reviews, and assessments to ensure adherence to internal policies and regulatory requirements.
• Coordinating and managing third-party audits and inspections as required by regulatory authorities or clients. Ensure that External Audit activity is properly scoped to the relevant business activities and locations.
• Partnering with IT and the business, focusing on areas of highest IT and cyber risk, to continuously improve on controls or automate compliance activities. Maintaining ongoing communication with the business, external/internal auditors as it relates to alignment on audit planning, walkthroughs/testing, audit requests, impact assessments, and deficiency evaluation of IT controls related to regulatory requirements, such as SOX or climate-related disclosures.

Fuel your passion

To be successful in this role you will:

• Have a BSc. from an accredited university or college.
• Have experience in ITGC/GITC audits including interfaces, control reports configurable controls.
• Possess deep working knowledge of IT service management (e.g., ITIL-related disciplines).
• Have a solid working knowledge of OT security and how it aligns and differs from Enterprise IT Security.
• Demonstrate understanding of industry security standards, guidelines and regulatory/compliance requirements related to information security and cloud computing such as ISO 27001, NIST 800-53, IEC/ISA 62443, SOC2, PCI, SOX, etc.
• Have hands-on experience on IT M&A / IT Compliance / drafting, modifying, reviewing, or managing technical Transition Service Agreements - advantageous.
• Be team-focused, experienced at building relationships and collaborating with diverse stakeholders to problem-solve.
• Be comfortable making difficult decisions, with a proven ability to weigh the relative costs and benefits of potential actions and identify the most appropriate one.

Work in a way that works for you

We recognize that everyone is different and that the way in which people want to work and deliver at their best is different for everyone too. In this role, we can offer the following flexible working patterns:

• Occasionally remote working from home or another work location.
• Working flexible hours - flexing the times when you work in the day to help you fit in everything in and work when you are the most productive.

Working with us

Our people are at the heart of what we do at Baker Hughes. We know we are better when all of our people are developed, engaged and able to bring their whole authentic selves to work. We invest in the health and well-being of our workforce, train and reward talent and develop leaders at all levels to bring out the best in each other.

Working for you

Our inventions have revolutionized energy for over a century. But to keep going forward tomorrow, we know we have to push the boundaries today. We prioritize rewarding those who embrace change with a package that reflects how much we value their input. Join us, and you can expect:

• Contemporary work-life balance policies and wellbeing activities.
• Comprehensive private medical care options.
• Safety net of life insurance and disability programs.
• Tailored financial programs.
• Additional elected or voluntary benefits.

About Us: We are an energy technology company that provides solutions to energy and industrial customers worldwide. Built on a century of experience and conducting business in over 120 countries, our innovative technologies and services are taking energy forward - making it safer, cleaner and more efficient for people and the planet.
Join Us: Are you seeking an opportunity to make a real difference in a company that values innovation and progress? Join us and become part of a team of people who will challenge and inspire you! Let's come together and take energy forward.

Baker Hughes Company is an Equal Opportunity Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.