Principal Risk Advisor

Job Description Summary

The MA&D Risk and Third-Party Risk Manager is responsible for leading cybersecurity and data privacy risk management across mergers, acquisitions, divestitures, and other strategic transactions, as well as supporting broader third-party risk activities. This role coordinates due diligence and readiness assessments with internal stakeholders and external providers, translates complex technical findings into clear business risk insights, and supports risk-informed decision-making throughout the deal lifecycle and integration phases. The manager also contributes to the development and improvement of MA&D and third-party risk standards, processes, and metrics, helping to reduce cyber and privacy risk, improve integration outcomes, and enhance the overall maturity and consistency of enterprise risk practices.

The MA&D Risk and Third-Party Risk Manager serve as a key risk lead and coordinator for cybersecurity and data privacy across mergers, acquisitions, divestitures, and other strategic transactions. This role is responsible for coordinating readiness assessments, interpreting complex technical findings into business-focused risk insights, and supporting risk-informed decision-making throughout the deal lifecycle. The manager will coordinate MA&D risk processes, contribute to standards, and monitor performance metrics to help ensure consistent, timely, and high-quality execution.

The MA&D Risk and Third-Party Risk Manager will also support broader Third-Party Risk Management (TPRM) activities as bandwidth permits, helping align MA&D practices with enterprise third-party risk frameworks, policies, and tools. This role plays a critical part in reducing cyber and privacy risk in strategic transactions, improving integration outcomes, and advancing the maturity and consistency of MA&D and third-party risk practices across the enterprise. Strong leadership, collaboration, and problem-solving skills are essential, along with the ability to influence and communicate effectively with technical and non-technical stakeholders across the organization and with external providers.

Job Description

Roles and Responsibilities:

• Lead cybersecurity and data privacy risk scoping and planning for mergers, acquisitions, divestitures, joint ventures, and other strategic transactions.
• Coordinate MA&D cybersecurity and privacy readiness assessments with external providers, including but not limited to maturity assessments, compromise assessments, software composition analysis, application security testing (SAST/DAST), Office 365 security reviews, network security assessments, red team exercises, executive background research, and integration support.
• Review and synthesize provider assessment outputs, translating technical findings into clear, business-focused risk summaries that highlight significant business impacts, likelihood and severity, and prioritization of remediation activities.
• Develop and present structured recommendations to support deal decisions, including risk acceptance, mitigation strategies, deal term adjustments, and conditions for close (e.g., remediation milestones and required controls).
• Partner with Corporate Development, Cybersecurity, Privacy, Legal, IT, and business leaders to integrate cybersecurity and privacy risk considerations into deal evaluation, negotiation, and integration planning.
• Coordinate Day 1 cyber readiness activities and support the design and implementation of future-state cyber operating models for acquired or divested entities, ensuring alignment with enterprise security standards and control frameworks.
• Convert assessment findings into actionable remediation plans with clear owners, timelines, and tracking mechanisms; monitor progress, escalate delays or critical risks, and provide options and trade-offs to stakeholders.
• Contribute to the development, maintenance, and continuous improvement of MA&D risk management standards, procedures, and playbooks, ensuring alignment with enterprise cybersecurity and privacy policies and standard control frameworks (such as NIST, CIS, ISACA, or ISO).
• Collaborate with security awareness and training program owners to ensure MA&D-related requirements, patterns, and lessons learned are incorporated into training, guidance, and communications for key stakeholder groups.
• Oversee the repository of MA&D projects, assessments, risks, and compliance issues in the governance, risk, and compliance (GRC) tool, working with operations and GRC teams to ensure workflows are in place to trigger security reviews based on data risk ratings and to track findings through remediation and closure.
• Manage MA&D-related cybersecurity and privacy policy exceptions, ensuring that exceptions are documented, approved, monitored, and reviewed or closed prior to expiration; ensure that automated alerts are issued to the SOC or relevant teams as needed.
• Support high-risk third-party risk assessments and onboarding/offboarding activities, applying MA&D-style rigor for critical suppliers or engagements as bandwidth permits.
• Contribute to the design and implementation of third-party risk operating model enhancements, ensuring alignment between MA&D risk practices and enterprise TPRM processes, standards, and risk scoring approaches.
• Develop and track key performance indicators (KPIs) for MA&D risk activities (such as volume of deals assessed, assessment cycle time, number and severity of findings, and remediation cycle time), and contribute MA&D-related insights to broader TPRM and cybersecurity reporting.

Minimum Qualifications:

• Bachelor's degree from accredited university or college with minimum of 10 years of professional experience OR Associates degree with minimum of 13 years of professional experience OR High School Diploma with minimum of 15 years of professional experience
• Minimum 7 years of professional experience in Risk Management
• Note: Military experience is equivalent to professional experience

Eligibility Requirement:

• Legal authorization to work in the U.S. is required. We will not sponsor individuals for employment visas, now or in the future, for this job.

Desired Characteristics:

Experience in cybersecurity, data privacy, and third-party risk management disciplines as relevant to the following:

• Lead cross-functional teams and MA&D-focused workstreams, leveraging strong influencing skills to guide risk-based decision-making across deal teams, corporate functions, and external providers.
• Demonstrate strong experience in cybersecurity and data privacy risk assessment, compliance, and regulatory standards, with the ability to interpret assessment outputs (e.g., SAST/DAST, SCA, red team, network assessments, O365 security reviews) and convert them into actionable business risk insights.
• Provide subject matter expertise within the MA&D cyber and privacy risk domain, ensuring alignment with secure supply chain and third-party risk best practices, emerging regulations, and organizational requirements.
• Exhibit strong analytical and strategic problem-solving abilities, using data and structured thinking to assess complex risk scenarios, develop pragmatic remediation plans, and define metrics for monitoring risk and performance.
• Act as a change agent for MA&D risk management, contributing to improvements in standards, processes, and tools, while demonstrating comfort in ambiguity and the ability to make informed, balanced decisions under time pressure.
• Foster collaboration and communication across Corporate Development, Cybersecurity, Privacy, Legal, IT, business teams, and external partners, establishing trust and credibility while continuously seeking opportunities to improve MA&D and third-party risk processes and solutions.

Note:

The base pay range for this position is $152,000 to $222,000 annually . The specific pay offered may be influenced by a variety of factors, including the candidate's experience, education, and skill set. This position is also eligible for an annual discretionary bonus based on a percentage of your base salary/ commission based on the plan. This posting is expected to close on February 6th, 2026 .

GE Aerospace offers comprehensive benefits and programs to support your health and, along with programs like HealthAhead, your physical, emotional, financial and social wellbeing. Healthcare benefits include medical, dental, vision, and prescription drug coverage; access to a Health Coach from GE Aerospace; and the Employee Assistance Program, which provides 24/7 confidential assessment, counseling and referral services. Retirement benefits include the GE Aerospace Retirement Savings Plan, a 401(k) savings plan with company matching contributions and company retirement contributions, as well as access to Fidelity resources and planning consultants. Other benefits include tuition assistance, adoption assistance, paid parental leave, disability insurance, life insurance, and paid time-off for vacation or illness.

GE Aerospace (General Electric Company or the Company) and its affiliates each sponsor certain employee benefit plans or programs (i.e., is a "Sponsor"). Each Sponsor reserves the right to terminate, amend, suspend, replace or modify its benefit plans and programs at any time and for any reason, in its sole discretion. No individual has a vested right to any benefit under a Sponsor's welfare benefit plan or program. This document does not create a contract of employment with any individual.

To comply with US immigration and other legal requirements, it is necessary to specify the minimum number of years' experience required for any role based within the USA. For roles outside of the USA, to ensure compliance with applicable legislation, the JDs should focus on the substantive level of experience required for the role and a minimum number of years should NOT be used.

Additional Information

Compensation Grade

SPB2

GE Aerospace offers a great work environment, professional development, challenging careers, and competitive compensation. GE Aerospace is an Equal Opportunities Employer. Employment decisions are made without regard to race, color, religion, national or ethnic origin, sex, sexual orientation, gender identity or expression, age, disability, protected veteran status or other characteristics protected by law.

GE Aerospace will only employ those who are legally authorized to work in the United States for this opening.

Relocation Assistance Provided: No