Information Security Analyst - M&A Integration

Location: Come and join us in Hamburg!

We are looking for a Information Security Analyst for M&A Integration, who will be responsible for safeguarding the organization’s digital assets and reputation during corporate growth initiatives. By conducting rigorous pre-acquisition due diligence and leading the complex post-merger technical integration, this role ensures that new entities are seamlessly and securely onboarded into the corporate environment. The primary objective is to bridge the gap between a target company's current security state and our ISO 27001 standards, mitigating "hidden" technical debt and preventing security regressions during transitions.

---

YOUR DAILY ADVENTURES WILL INCLUDE:

• End-to-End Due Diligence: Execute comprehensive security risk assessments of target companies, evaluating their technical stack, data privacy controls, and historical breach records to inform deal valuation.
• ISO 27001 Standardization: Map the security controls of acquired companies (especially non-certified smaller entities) against our ISO 27001 framework and develop prioritized remediation plans.
• Integration Project Management: Lead the technical migration of identity providers, endpoint management, and cloud environments to ensure a unified security perimeter post-close.
• Access & Asset Governance: Manage the secure consolidation of "Shadow IT" and legacy systems from the acquired company, ensuring all hardware and software are accounted for in the master inventory.
• Security Posture Validation: Conduct post-integration penetration testing and vulnerability scans to verify that the merger has not introduced new weaknesses into the parent organization.

Communication:

• Executive Reporting: Translate technical vulnerabilities and integration hurdles into clear, risk-based business language for the M&A steering committee and C-suite.
• Cross-Functional Liaison: Act as the primary security point of contact between Legal, IT, HR, and Development to ensure security requirements are baked into the overall integration timeline.
• Cultural Integration: Facilitate workshops and training for the acquired company’s staff to build rapport and educate them on our security culture and compliance obligations by using our existing training material.
• Vendor & Third-Party Management: Coordinate with external auditors and service providers of the acquired entity to manage contract transitions or service terminations.

Innovation:

• Playbook Development: Design and continuously refine a scalable M&A "Security Integration Playbook" that utilizes automation to speed up the discovery and assessment phases.
• Tooling Optimization: Evaluate and implement specialized M&A discovery tools or scripts that can quickly audit the security posture of unknown networks with minimal disruption.
• Adaptive Security Frameworks: Develop flexible security "on-ramps" that allow smaller, high-growth startups to integrate quickly without the immediate burden of full certification, while maintaining strict risk boundaries.
• Process Automation: Identify opportunities to automate the synchronization of user identities and policy deployments across disparate systems during the "Day 1" transition.

---

TO BE SUCCESSFUL IN THIS ROLE:

• Framework Expertise: Advanced knowledge of ISO/IEC 27001 and GDPR is preferred. Alternative knowledge of NIST and SOC2 could be helpful.
• M&A Lifecycle Fluency: Experience navigating the specific phases of a deal, from initial "clean room" data analysis to long-term post-merger synergy realization would be beneficial.
• Technical Proficiency: Strong grasp of cloud architecture (AWS), Zero Trust Network Access (ZTNA), and modern IAM solutions (e.g., Okta, SAML).
• Strategic Problem Solving: The ability to find creative security solutions when dealing with legacy technology or "unmanaged" environments typical of smaller startup acquisitions.
• Change Management: Proficiency in leading organizational change and influencing technical teams over whom you may not have direct hierarchical authority.

---

BENEFITS & PERKS IN A NUTSHELL:

Flexible working arrangements	LinkedIn Learning
Sabbatical & special leave policies	WeRoad partnership
Birthday, 24th + 31st December off	Short term EU work policy
Mobility Credit	Health Insurance
Employee assistance program

---

DIVERSITY, EQUITY & INCLUSION:

FREE NOW is an equal opportunity employer and we consider qualified applicants regardless of race, religion, national origin, gender, gender identity, sexual orientation, disability or age.
We want you to grow and evolve, bring your true self to work.

---

ABOUT US:

Freenow by Lyft empowers smarter mobility decisions, helping people to move freely and cities to thrive. Through our multi-mobility app, we feature broad options for everyone across 9 European markets and over 180 cities. Millions of passengers can access services including taxis, private hire vehicles, carsharing, car rental, e-scooters, e-bikes, e-mopeds, and public transport within a single app.

In July 2025 Freenow was acquired by Lyft, a global mobility platform, which connects riders and drivers for billions of rides across North America and Europe. Together, Freenow and Lyft are creating a more caring and connected world, with transportation for everyone. We are a global, diverse, highly motivated, and collaborative team that strives for excellence and likes to have fun. Ready for your next ride?