What you'd actually do

Lead security and privacy due diligence process for target acquisitions, including technical architecture reviews, penetration tests, vulnerability assessments, security and privacy evaluations, risk identification and risk prioritization.

Develop the security strategy for each incoming M&A; documenting key details about the target acquisition, technology stack, current security and privacy posture, third-party due diligence results, etc. ahead of deal close to ensure that all members across SPA teams and relevant stakeholders are up-to-speed and understand the acquisition’s security posture.

Conduct threat intelligence for potential incoming target acquisition companies.

Evaluate risks within the acquisition, advise the business on prioritization, and recommend treatment strategies.

Manage long term security and privacy risk management for the subsidiary after active onboarding completes, where applicable; ensuring that critical and high risk security risks are prioritized and mitigated/resolved.

Skills

Required

Experience conducting threat intelligence and/or security and privacy due diligence for M&A’s.
Breadth across multiple security domains.
Strong understanding of information security, risk and data privacy, especially as it applies to Mergers & Acquisitions.
Strong technical / development background, as well as the ability to talk through technical implementation.
Excellent written and verbal communication skills, with the ability to translate highly complex technical security concepts into business impact for a non-technical audience.
Detailed understanding of the legal concepts surrounding M&As.

Nice to have

Self-motivated and can proactively seek input.
Self-motivated and can deal well with ambiguity, and are selfless when it comes to getting work done and leaning on experts.
Experience creating a team that models psychological safety and inclusivity.

At Netflix, our mission is to entertain the world. Together, we are writing the next episode - pushing the boundaries of storytelling, global fandom and making the unimaginable a reality. We are a dream team obsessed with the uncomfortable excitement of discovering what happens when you merge creativity, intuition and cutting-edge technology. Come be a part of what’s next.

The Team

The Business Security Partner (BSP) team delivers a balanced approach to securing our business based on the business context provided by our stakeholders. The Business Security Partner team sits within the Security, Privacy and Assurance team at Netflix. We enable Netflix to pragmatically address top security risks while maintaining business agility, velocity and scale.

We're looking for our next Security Partner to lead security conversations between the Security team and our business units. The BSP team manages the picture of risk in their stakeholders' ecosystem, secures business workflows and technical environments, and delivers targeted awareness. Things move fast at Netflix, and this team is essential to driving strong alignment that addresses critical risks.

The Role

We are seeking an experienced security professional with broad security domain knowledge and expertise, who is comfortable working in environments subject to** **change and that operate at high velocity. This role will be a crucial security point of contact for the Netflix technical leadership and business stakeholders, with a dedicated focus on Netflix’s Merger & Acquisitions (M&As) technical due diligence. You will be building relationships with target acquisition personnel, developing a deep understanding of their security posture to drive security context across Netflix’s Security, Privacy, and Assurance (SPA) organization. This role will be critical to determining if issues must be remediated pre-close and what activities should take precedence during integration onboarding. This role will also develop an understanding of the strategic goals behind acquiring the target to ensure SPA understands the target integration strategy and resource needs. You may also be assigned to other business units and involved in net new subsidiaries formed inside Netflix. You will be aligned in helping to assess Netflix’s previous acquisitions current security posture and ensuring that the acquisition aligns with Netflix’s security controls.

Netflix has a unique and innovative culture that guides us to do things differently. This helps keep velocity high and means that our security team needs to operate differently from a traditional security team. At Netflix, we put “People over Process” - We hire unusually responsible people who thrive on this openness and freedom. Instead of controlling our stakeholders with process and security gates, we enable them to securely create great content by providing security context to make the right decisions for Netflix.

**Key Responsibilities **

Cultivate and maintain strong relationships with business stakeholders.
Conduct threat intelligence for potential incoming target acquisition companies.
Lead security and privacy due diligence process for target acquisitions, including technical architecture reviews, penetration tests, vulnerability assessments, security and privacy evaluations, risk identification and risk prioritization.
Develop the security strategy for each incoming M&A; documenting key details about the target acquisition, technology stack, current security and privacy posture, third-party due diligence results, etc. ahead of deal close to ensure that all members across SPA teams and relevant stakeholders are up-to-speed and understand the acquisition’s security posture.
Partner closely with our corporate IT M&A counterparts throughout the acquisition due diligence process.
Partner with the the M&A Security TPM to hand off active onboarding integration activities to ensure a smooth transition for the target acquisition personnel.
Manage long term security and privacy risk management for the subsidiary after active onboarding completes, where applicable; ensuring that critical and high risk security risks are prioritized and mitigated/resolved.
Evaluate risks within the acquisition, advise the business on prioritization, and recommend treatment strategies.
Develop metrics and reporting in partnership with the M&A Security TPM to communicate security and privacy M&A to SPA and other key stakeholders.
Serve as the subject matter expert for the target on security, privacy, risk, and compliance.

**Ideal Background **

To be successful in this role, you'll need to have the following skills:

You can easily partner and forge relationships with cross-functional teams and stakeholders.
You are a thoughtful and responsible security professional - someone who is self-motivated and can proactively seek input.
You have excellent written and verbal communication skills, with the ability to translate highly complex technical security concepts into business impact for a non-technical audience.
You have a detailed understanding of the legal concepts surrounding M&As
You have experience conducting threat intelligence and/or security and privacy due diligence for M&A’s.
You have breadth across multiple security domains
You have a strong understanding of information security, risk and data privacy, especially as it applies to Mergers & Acquisitions.
You have a strong technical / development background, as well as the ability to talk through technical implementation.
You care deeply about creating a team that models psychological safety and inclusivity, where team members can do their best work.
You are self-motivated and can deal well with ambiguity, and are selfless when it comes to getting work done and leaning on experts.

Generally, our compensation structure consists solely of an annual salary; we do not have bonuses. You choose each year how much of your compensation you want in salary versus stock options. To determine your personal top of market compensation, we rely on market indicators and consider your specific job family, background, skills, and experience to determine your compensation in the market range. The range for this role is $400,000.00 - $680,000.00. This compensation range will vary based on location.

Netflix provides comprehensive benefits including Health Plans, Mental Health support, a 401(k) Retirement Plan with employer match, Stock Option Program, Disability Programs, Health Savings and Flexible Spending Accounts, Family-forming benefits, and Life and Serious Injury Benefits. We also offer paid leave of absence programs. Full-time hourly employees accrue 35 days annually for paid time off to be used for vacation, holidays, and sick paid time off. Full-time salaried employees are immediately entitled to flexible time off. See more details about our Benefits here.

Netflix is a unique culture and environment. Learn more here.

Inclusion is a Netflix value and we strive to host a meaningful interview experience for all candidates. If you want an accommodation/adjustment for a disability or any other reason during the hiring process, please send a request to your recruiting partner.

We are an equal-opportunity employer and celebrate diversity, recognizing that diversity builds stronger teams. We approach diversity and inclusion seriously and thoughtfully. We do not discriminate on the basis of race, religion, color, ancestry, national origin, caste, sex, sexual orientation, gender, gender identity or expression, age, disability, medical condition, pregnancy, genetic makeup, marital status, or military service.

Job is open for no less than 7 days and will be removed when the position is filled.