Business Security Partner, M&A

Business Security Partner, M&A at Netflix

At Netflix, our mission is to entertain the world. We are continuously pushing the boundaries of storytelling, global fandom, and making the unimaginable a reality. Join our team, obsessed with the uncomfortable excitement of discovering what happens when creativity, intuition, and cutting-edge technology merge.

The Team

The Business Security Partner (BSP) team delivers a balanced approach to securing our business, based on stakeholder context. Sitting within the Security, Privacy and Assurance (SPA) team at Netflix, we enable the company to pragmatically address top security risks while maintaining business agility, velocity, and scale.

We are seeking a Security Partner to lead security conversations between the Security team and our business units. The BSP team manages risk within stakeholder ecosystems, secures business workflows and technical environments, and delivers targeted awareness. Given Netflix's fast pace, this team is crucial for driving strong alignment that addresses critical risks.

The Role

We are looking for an experienced security professional with broad security domain knowledge who thrives in fast-paced, evolving environments. This role will be a crucial security point of contact for Netflix technical leadership and business stakeholders, focusing specifically on Netflix’s Merger & Acquisitions (M&As) technical due diligence. You will build relationships with target acquisition personnel, develop a deep understanding of their security posture, and drive security context across Netflix’s SPA organization. This position is critical for determining pre-close remediations and prioritizing integration activities during onboarding. You will also understand the strategic goals behind acquisitions to ensure SPA comprehends integration strategy and resource needs. Additional assignments may include other business units and net new subsidiaries formed within Netflix. You will also help assess the current security posture of previous acquisitions, ensuring alignment with Netflix’s security controls.

Netflix's unique culture, guided by doing things differently, helps maintain high velocity and requires our security team to operate unconventionally. We prioritize “People over Process,” hiring responsible individuals who thrive on openness and freedom. Instead of controlling stakeholders with processes and security gates, we enable them to securely create great content by providing security context for informed decisions.

Key Responsibilities

• Cultivate and maintain strong relationships with business stakeholders.
• Conduct threat intelligence for potential incoming target acquisition companies.
• Lead the security and privacy due diligence process for target acquisitions, including technical architecture reviews, penetration tests, vulnerability assessments, security and privacy evaluations, risk identification, and risk prioritization.
• Develop the security strategy for each incoming M&A; documenting key details about the target acquisition, technology stack, current security and privacy posture, third-party due diligence results, etc., ahead of deal close. This ensures all SPA team members and relevant stakeholders understand the acquisition’s security posture.
• Partner closely with our corporate IT M&A counterparts throughout the acquisition due diligence process.
• Partner with the M&A Security TPM to hand off active onboarding integration activities, ensuring a smooth transition for target acquisition personnel.
• Manage long-term security and privacy risk for the subsidiary after active onboarding, where applicable; ensuring critical and high-risk security issues are prioritized and mitigated/resolved.
• Evaluate risks within the acquisition, advise the business on prioritization, and recommend treatment strategies.
• Develop metrics and reporting in partnership with the M&A Security TPM to communicate security and privacy M&A status to SPA and other key stakeholders.
• Serve as the subject matter expert for the target on security, privacy, risk, and compliance.

Ideal Background

To be successful as a Business Security Partner, M&A, you'll need the following skills:

• Ability to easily partner and forge relationships with cross-functional teams and stakeholders.
• Thoughtful, responsible, self-motivated security professional who proactively seeks input.
• Excellent written and verbal communication skills, able to translate complex technical security concepts into business impact for non-technical audiences.
• Detailed understanding of legal concepts surrounding M&As.
• Experience conducting threat intelligence and/or security and privacy due diligence for M&As.
• Breadth across multiple security domains.
• Strong understanding of information security, risk, and data privacy, especially as it applies to Mergers & Acquisitions.
• Strong technical/development background, as well as the ability to discuss technical implementation.
• Cares deeply about creating a team that models psychological safety and inclusivity.
• Self-motivated, comfortable with ambiguity, and selfless in getting work done and leaning on experts.

Key skills/competency

• M&A Security Due Diligence
• Risk Management
• Threat Intelligence
• Information Security
• Data Privacy
• Technical Architecture Review
• Vulnerability Assessment
• Stakeholder Engagement
• Security Strategy
• Compliance Management