Principal Cyber Risk Advisor, Cybersecurity M&A at Ge Vernova in New York, United States | USD156,100-260,100 | Kablio

Role

Description

third-party management

day 1 readiness

risk quantification

kpi reporting

playbook development

ot integration

Manage third-party providers for surge capacity/testing/regulatory advisory; integrate and QA outputs.
Operate in a matrix with DT M&A/PMO, Business Development, Legal, Privacy, Finance, Insurance, Sourcing, and BU security; lead cross-functional squads.
Own Day 1 control readiness; build and execute 30/60/100-day plans and drive TSA exit milestones.
Provide executive-ready risk narratives, options/trade-offs, and recommendations under tight timelines.
Quantify risk and remediation (capex/opex, timeline) and translate into valuation, PPAs, holdbacks, R&Ws/indemnities, and closing conditions.
Track and report KPIs (flow efficiency, diligence cycle time, Day 1 control coverage, TSA months saved, post-close findings); drive continuous improvement.
Lead pre-sign red-flag and full due diligence for GE Vernova's Deal Processes in DT and OT/ICS targets aligned to NIST CSF, SP 800-53/800-171, and 800-82.
Develop and run standard playbooks for IAM/PAM, network segmentation/zero trust, endpoint/EDR, cloud tenancy/landing zones, app security, data discovery/classification/transfer, logging/SIEM, vulnerability management, third-party risk, IR, and BCP/DR.
Establish clean-room protocols and data handling standards; ensure privacy and cross-border compliance (e.g., DPIAs).
Control gap assessment with target state; quantified remediation estimates; executive risk register and heatmap.
Design/govern safe OT/ICS integration and segmentation strategies; assess NERC CIP applicability and compliance contours.

Requirements

cissp

nist

iam

ot/ics

10+ years

risk quantification

Track record delivering Day 1 readiness and 30/60/100-day execution with TSA exits in global environments.
Hands-on depth in IAM/PAM, network/cloud security, endpoint/EDR, data protection, logging/monitoring, vuln mgmt, third-party risk, IR, and BCP/DR.
Day 1 control checklist and exceptions log; 30/60/100-day plan with critical path and TSA exit criteria.
Relevant certifications: CISSP, CISM, CRISC, CISA, GICSP, CCSK/CCSP, cloud provider certs.
Proven ability to quantify risk/remediation and translate into deal economics and SPA/TSA language.
OT-heavy transaction experience (generation, grid, renewables); prior clean-room design/operations.
Deep knowledge of NIST CSF, SP 800-53/800-171, and 800-82; familiarity with NERC CIP.
Deal dashboard, weekly executive updates, risk/issue logs; post-close lessons learned; BU handover package.
Executive communication and matrix leadership; ability to lead external advisors.
Bachelor’s degree in cybersecurity, computer science, engineering, or related field (or equivalent experience).
10+ years in cybersecurity with significant M&A diligence and integration/separation leadership.
Risk quantification (e.g., FAIR or equivalent); Lean/Agile/PMO experience with metrics focus.
Red-flag memo; preliminary NIST scorecard; diligence plan and data room list; clean-room SOPs.
OT/ICS Purdue mapping; zone/conduit strategy; NERC CIP relevance assessment (as applicable).
Experience across IT and OT/ICS security, including segmentation and operational resilience.
Experience improving cyber insurance submissions and influencing SPA/TSA controls.

Benefits

Location: Flexible US; hybrid/remote options based on candidate location.
SPA/TSA cyber clause recommendations; insurance underwriting package.
Integration/separation runbooks/playbooks; cutover command-center and stabilization plans.

Training + Development

Information not given or found

Interview process

Information not given or found

Visa Sponsorship

Information not given or found

Security clearance

offer contingent on successful completion of a drug screen (as applicable).

Company

Overview

April 2024

Founded

The company emerged from the spin-off of GE's energy units in April 2024.

>$10B Quarterly Revenue

Revenue Growth

Achieves over $10 billion in quarterly revenue, driven by demand for power infrastructure and digital solutions.

$3B

Wind Turbine Backlog

Maintains a significant backlog in wind turbine orders, reflecting strong market demand.

25%

Global Electricity Supply

Contributes to generating 25% of the world’s electricity through its installed turbines and grids.

Traces roots back to Edison and Alstom, merging power, renewable, digital & financial wings.
Headquartered in Cambridge, MA, crafts large-scale gas turbines, SMRs, wind turbines, hydro and grid tech to fuel economies.
On the nuclear front, advancing small modular reactors (like BWRX‑300) in partnership with utilities and supporting semiconductor projects.
Wind prowess spans onshore, offshore and blade making—with key sites like Dogger Bank offshore and blade plants in Spain.
Electrification arm tackles grid stability: HVDC, transformers, storage, conversion, plus GridOS software powering smarter infrastructure.
Weaves finance and consulting through energy-infrastructure investments, funding solar farms to pipelines via GE Energy Financial Services.

Culture + Values

Relentlessly focused on advancing the world’s transition to cleaner, more sustainable energy.
Believes in working with customers, partners, and communities to create innovative energy solutions that make a meaningful difference.
Prioritizes excellence, integrity, and accountability in everything they do.
Committed to driving real change through technology and partnerships that will transform the global energy landscape.

Environment + Sustainability

2050 target

Net zero commitment

Committed to achieving net zero carbon emissions by 2050.

Focused on reducing emissions through advanced energy technologies.
Maximizing use of renewable energy sources and leveraging digital solutions for energy efficiency.
Solutions aim to decarbonize industries and help customers meet their sustainability goals.

Inclusion & Diversity

Articles

Contact GE Vernova

Our Approach to Sustainability

Careers at GE Vernova

Role

Description

third-party management

day 1 readiness

risk quantification

kpi reporting

playbook development

ot integration

Manage third-party providers for surge capacity/testing/regulatory advisory; integrate and QA outputs.
Operate in a matrix with DT M&A/PMO, Business Development, Legal, Privacy, Finance, Insurance, Sourcing, and BU security; lead cross-functional squads.
Own Day 1 control readiness; build and execute 30/60/100-day plans and drive TSA exit milestones.
Provide executive-ready risk narratives, options/trade-offs, and recommendations under tight timelines.
Quantify risk and remediation (capex/opex, timeline) and translate into valuation, PPAs, holdbacks, R&Ws/indemnities, and closing conditions.
Track and report KPIs (flow efficiency, diligence cycle time, Day 1 control coverage, TSA months saved, post-close findings); drive continuous improvement.
Lead pre-sign red-flag and full due diligence for GE Vernova's Deal Processes in DT and OT/ICS targets aligned to NIST CSF, SP 800-53/800-171, and 800-82.
Develop and run standard playbooks for IAM/PAM, network segmentation/zero trust, endpoint/EDR, cloud tenancy/landing zones, app security, data discovery/classification/transfer, logging/SIEM, vulnerability management, third-party risk, IR, and BCP/DR.
Establish clean-room protocols and data handling standards; ensure privacy and cross-border compliance (e.g., DPIAs).
Control gap assessment with target state; quantified remediation estimates; executive risk register and heatmap.
Design/govern safe OT/ICS integration and segmentation strategies; assess NERC CIP applicability and compliance contours.

Requirements

cissp

nist

iam

ot/ics

10+ years

risk quantification

Track record delivering Day 1 readiness and 30/60/100-day execution with TSA exits in global environments.
Hands-on depth in IAM/PAM, network/cloud security, endpoint/EDR, data protection, logging/monitoring, vuln mgmt, third-party risk, IR, and BCP/DR.
Day 1 control checklist and exceptions log; 30/60/100-day plan with critical path and TSA exit criteria.
Relevant certifications: CISSP, CISM, CRISC, CISA, GICSP, CCSK/CCSP, cloud provider certs.
Proven ability to quantify risk/remediation and translate into deal economics and SPA/TSA language.
OT-heavy transaction experience (generation, grid, renewables); prior clean-room design/operations.
Deep knowledge of NIST CSF, SP 800-53/800-171, and 800-82; familiarity with NERC CIP.
Deal dashboard, weekly executive updates, risk/issue logs; post-close lessons learned; BU handover package.
Executive communication and matrix leadership; ability to lead external advisors.
Bachelor’s degree in cybersecurity, computer science, engineering, or related field (or equivalent experience).
10+ years in cybersecurity with significant M&A diligence and integration/separation leadership.
Risk quantification (e.g., FAIR or equivalent); Lean/Agile/PMO experience with metrics focus.
Red-flag memo; preliminary NIST scorecard; diligence plan and data room list; clean-room SOPs.
OT/ICS Purdue mapping; zone/conduit strategy; NERC CIP relevance assessment (as applicable).
Experience across IT and OT/ICS security, including segmentation and operational resilience.
Experience improving cyber insurance submissions and influencing SPA/TSA controls.

Benefits

Location: Flexible US; hybrid/remote options based on candidate location.
SPA/TSA cyber clause recommendations; insurance underwriting package.
Integration/separation runbooks/playbooks; cutover command-center and stabilization plans.

Training + Development

Information not given or found

Interview process

Information not given or found

Visa Sponsorship

Information not given or found

Security clearance

offer contingent on successful completion of a drug screen (as applicable).

Company

Overview

April 2024

Founded

The company emerged from the spin-off of GE's energy units in April 2024.

>$10B Quarterly Revenue

Revenue Growth

Achieves over $10 billion in quarterly revenue, driven by demand for power infrastructure and digital solutions.

$3B

Wind Turbine Backlog

Maintains a significant backlog in wind turbine orders, reflecting strong market demand.

25%

Global Electricity Supply

Contributes to generating 25% of the world’s electricity through its installed turbines and grids.

Traces roots back to Edison and Alstom, merging power, renewable, digital & financial wings.
Headquartered in Cambridge, MA, crafts large-scale gas turbines, SMRs, wind turbines, hydro and grid tech to fuel economies.
On the nuclear front, advancing small modular reactors (like BWRX‑300) in partnership with utilities and supporting semiconductor projects.
Wind prowess spans onshore, offshore and blade making—with key sites like Dogger Bank offshore and blade plants in Spain.
Electrification arm tackles grid stability: HVDC, transformers, storage, conversion, plus GridOS software powering smarter infrastructure.
Weaves finance and consulting through energy-infrastructure investments, funding solar farms to pipelines via GE Energy Financial Services.

Culture + Values

Relentlessly focused on advancing the world’s transition to cleaner, more sustainable energy.
Believes in working with customers, partners, and communities to create innovative energy solutions that make a meaningful difference.
Prioritizes excellence, integrity, and accountability in everything they do.
Committed to driving real change through technology and partnerships that will transform the global energy landscape.

Environment + Sustainability

2050 target

Net zero commitment

Committed to achieving net zero carbon emissions by 2050.

Focused on reducing emissions through advanced energy technologies.
Maximizing use of renewable energy sources and leveraging digital solutions for energy efficiency.
Solutions aim to decarbonize industries and help customers meet their sustainability goals.

Inclusion & Diversity

Articles

Contact GE Vernova

Our Approach to Sustainability

Careers at GE Vernova