• Supporting core SOC operations across endpoint, identity, data protection, and vulnerability management • Monitoring and triaging security alerts with our MSSP • Contributing to fast and effective Incident Response • Enhancing threat detection and overall security visibility • Helping maintain and improve key security platforms such as DLP, EDR, and identity security tools • Following security processes and playbooks to ensure consistent operational quality • Collaborating with global IT teams to strengthen security and reduce risks • Contributing to threat intelligence and detection improvements • Supporting daily SOC tasks including email security, identity monitoring, and DLP reviews • Participating in continuous improvement initiatives to advance SOC maturity

Role Description As a Test Security Specialist focused on AP Investigations, you will lead investigations into AP test security incidents and score validity concerns. You will manage cases end to end by reviewing and synthesizing evidence such as statistical indicators, test day reports, plagiarism findings, AI-related reports, and any available supporting documentation or physical evidence. You will apply organization policies and legal requirements to reach clear, well-supported determinations, including whether evidence supports score cancellation. You will also communicate professionally with students, parents, and student representatives, including attorneys, counselors, and educators, to ensure timely case resolution and consistent, accurate policy explanation. This role requires strong judgment, attention to detail, and the ability to manage sensitive situations with fairness and discretion. Responsibilities of the role - Case Management (65%) - Own AP investigation cases end to end from intake through final determination and closure, ensuring each case is handled thoroughly, consistently, and within required timelines. - Triage and scope cases by identifying allegation type, applicable policy, key evidence needs, and any immediate risks or deadlines. - Collect, review, and synthesize evidence including statistical indicators, test day documentation, proctor and coordinator reports, seating and timing details (when available), plagiarism findings, AI-related reports, and any supporting materials submitted by stakeholders. - Analyze patterns and irregularities using investigative reasoning and data review techniques to determine whether observed signals are consistent with policy-defined misconduct or score validity concerns. - Document investigative work clearly and completely in the case management system, including evidence summaries, rationale, decision points, and recommended outcomes, to ensure audit ready and defensible case files. - Develop case recommendations that align to policy and evidentiary standards and collaborate with team leads and peers as needed on complex or high-risk determinations. - Coordinate cross-functional work with internal partners and external vendors to obtain evidence, validate reports, and resolve open questions, while protecting confidentiality and sensitive data. - Track and report case metrics such as status, aging, throughput, and outcomes, and surface trends, recurring issues, or process gaps to leadership. - Support continuous improvement by identifying opportunities to refine workflows, templates, documentation standards, and investigation playbooks to improve speed, consistency, and quality. - Customer Service (35%) - Communicate professionally and empathetically with students, parents, educators, and student representatives about cases under review, including what is being reviewed, what evidence is considered, and what steps occur next. - Draft clear written correspondence that accurately reflects policy, process, and case status, using a tone appropriate for sensitive situations and escalated concerns. - Conduct phone calls and written follow-ups to gather additional context, clarify documentation, and resolve stakeholder questions while maintaining confidentiality and neutrality. - Maintain detailed communication records so all stakeholder interactions, requests, and responses are captured consistently and are easy to reference during review or escalation. - De-escalate sensitive situations by explaining policies and outcomes diplomatically, setting expectations, and escalating to leadership or legal partners when needed. - Help ensure timely resolution by meeting response standards, managing follow-ups, and keeping cases moving forward without sacrificing quality or policy alignment. Qualifications - Associate degree required; bachelor’s degree preferred. - Strong investigative and problem-solving instincts, with analytical skills to support sound decisions and timely action. - Demonstrated success planning, executing, and completing projects within defined scope, timeline, and budget. - Excellent organizational and time-management skills, with the ability to manage multiple priorities and deadlines. - Strong interpersonal and communication skills, with a professional and diplomatic approach in both domestic and international settings, including sensitive customer interactions. - Proven ability to work effectively as part of a diverse team and contribute to collaborative, solutions-focused outcomes. - Experience managing relationships with internal stakeholders, third-party partners, and vendors. - Proficiency in PowerPoint, Word, Excel, and Salesforce. - Ability to learn new internally developed systems quickly and apply them to streamline and manage daily work. - Experience in investigations, compliance, test security, fraud prevention, risk management, or casework in a regulated environment. - Strong data analysis skills, including comfort interpreting statistical flags and trends in Excel. - Experience interpreting plagiarism findings and/or AI-related authorship indicators and translating technical outputs into clear documentation. - Demonstrated ability to manage escalations and sensitive stakeholder interactions with discretion and sound judgment. - Experience partnering with legal counsel or working in environments requiring strict confidentiality and documentation standards. Success Measures - Case throughput and timeliness: Managing an assigned caseload and moving cases from intake to closure within established timelines, including increased volume during peak periods. Where applicable, meeting productivity expectations aligned to case complexity and seasonality. - Quality and audit readiness: Producing complete, accurate, and well-organized case files with clear evidence summaries and documented rationale that meet audit and documentation standards. - SLA adherence: Meeting response and follow-up expectations for stakeholder communications and internal milestones, including timely documentation of interactions and next steps. - Decision consistency: Applying policies and evidentiary standards consistently across cases and escalating complex, high-risk, or ambiguous matters appropriately. - Stakeholder experience: Communicating clearly and professionally, setting expectations, and resolving cases with fairness and respect, including effective de-escalation when needed. - Operational contribution: Identifying recurring issues, trends, and process improvements that strengthen investigation quality, consistency, and efficiency. Benefits - Healthcare Benefits including Medical, Prescription, Vision & Dental Coverage | United Healthcare - Voluntary STD & LTD | New York Life - 401(k) Retirement Planning | Fidelity - Discount Program *You are Eligible to participate in the benefits program if you are considered a full-time employee of nextSource, working at least 30 hours per week on a consistent basis. Your coverage will be effective on the 1st of the month following 60 days of employment.

• Support the Department of Veterans Affairs (VA) by guiding systems through the full Risk Management Framework (RMF) lifecycle and ensuring compliance with VA security policies and authorization requirements. • Partner with Information System Owners (ISOs), Information System Security Officers (ISSOs), and other stakeholders to coordinate Authorization to Operate (ATO) activities, identify and mitigate risks, and maintain the security posture of systems from acquisition and deployment through decommissioning. • Serve as a trusted security advisor, translating complex cybersecurity requirements into practical recommendations that enable secure and compliant IT system implementation. • Coordinate and support RMF Steps 0–6 activities required to obtain and maintain system Authorizations to Operate (ATO). • Collaborate with Information System Owners (ISOs), Information System Security Officers (ISSOs), and system stakeholders to ensure security requirements are implemented and documented. • Develop, update, and maintain detailed security documentation and authorization artifacts in accordance with VA policies and processes. • Identify, assess, and help mitigate security risks and vulnerabilities, escalating critical risks to leadership when necessary. • Provide information system security guidance throughout the system lifecycle, including acquisition, installation, operations, and decommissioning. • Translate complex cybersecurity and RMF requirements into actionable recommendations to support secure system deployment and operations. • Support security reviews of IT systems, networks, hardware, and software across a variety of environments and installation sites.

Introduction Welcome to Gallagher - a global community of people who bring bold ideas, deep expertise, and a shared commitment to doing what’s right. We help clients navigate complexity with confidence by empowering businesses, communities, and individuals to thrive. At Gallagher, you’ll find more than a job; you’ll find a culture built on trust, driven by collaboration, and sustained by the belief that we’re better together. Whether you join us in a client-facing role or as part of our brokerage division, our benefits and HR consulting division, or our corporate team, you’ll have the opportunity to grow your career, make an impact, and be part of something bigger. Experience a workplace where you’re encouraged to be yourself, supported to succeed, and inspired to keep learning. That’s what it means to live The Gallagher Way. Overview GCIS M&A Cybersecurity Analyst Job Description The M&A Cybersecurity Analyst is responsible for identifying, evaluating, and communicating cybersecurity risks associated with potential acquisition and merger partners. This role operates with a high degree of independence and serves as a trusted risk advisor to M&A leadership by translating complex and often incomplete technical information into clear, actionable risk insights that influence deal decisions and integration strategy. The analyst performs structured cybersecurity assessments, conducts investigative analysis of target environments, and develops risk-based recommendations that support informed decision-making throughout the due diligence and early integration lifecycle. Please note additional position details below: - This is a Temp-To-Hire, W-2 and T4 position. We cannot do 1099 or C2C or incorporation. - It is a fully remote role that will need to be based in the U.S or in Canada. - You must meet our U.S. and Canada Eligibility requirements for work authorization as noted under "Additional Information" at the bottom of the job description. How you'll make an impact Core Responsibilities - Lead and support cybersecurity risk assessments for acquisition targets across varying levels of maturity and technical complexity. - Analyze target IT environments to identify material security risks across infrastructure, applications, identity, cloud services, and historical incident activity. - Conduct open-source intelligence (OSINT) research to identify external exposures and breach - Apply established M&A cybersecurity evaluation methodologies to assess risk posture and highlight areas requiring remediation or enhanced monitoring. - Translate technical findings into clear, executive-level risk narratives and actionable recommendations. - Collaborate with M&A IT, divisional stakeholders, legal, and integration teams to validate findings and support remediation planning. - Provide regular assessment updates to M&A leadership and project teams, including emerging risks, mitigation progress, and residual exposure. - Identify recurring risk patterns across acquisitions and contribute to continuous improvement of due diligence methodologies and mitigation controls. - Support development of metrics, dashboards, and KPI reporting to improve visibility into assessment quality, risk trends, and program effectiveness. Key Job Elements - Review and interpret due diligence artifacts provided by acquisition targets and internal M&A IT teams. - Draft cybersecurity risk assessment memorandums that clearly articulate material risks, likelihood, and potential business impact. - Coordinate stakeholder reviews, approvals, and management action alignment for assessment deliverables. - Participate in peer review and quality assurance processes to maintain consistency and accuracy across assessments. - Recognize cross-deal trends and recommend enhancements to due diligence processes, tooling, and reporting. About you Required Qualifications - Bachelor’s degree in Information Security, Computer Science, Information Technology, Business, or related field (or equivalent experience). - 2 - 5 years of experience in cybersecurity risk assessment, due diligence, security consulting, vulnerability management, or related disciplines. - Working knowledge of cybersecurity principles across network security, endpoint security, cloud environments, identity, application security, and threat intelligence. - Strong analytical and critical thinking skills with the ability to prioritize risk with incomplete information. - Experience applying security frameworks and structured risk evaluation methodologies. - Excellent written communication skills with the ability to translate technical findings into clear business risk narratives. - Demonstrated ability to manage multiple concurrent efforts within fast-moving, deadline-driven environments. Preferred Qualifications - Experience supporting mergers and acquisitions, consulting engagements, or structured cybersecurity assessment programs. - Familiarity with investigative techniques such as OSINT research, cybersecurity incident history analysis, and external exposure discovery. - Exposure to cybersecurity governance frameworks (ISO, NIST, CIS) within assessment or advisory contexts. - Ability to evaluate security maturity and control effectiveness in environments with limited documentation or incomplete visibility. - Professional certifications such as CISSP, CRISC, CISM, or equivalent. #LI-NJ1 #Contingent #APintegration Compensation and benefits We offer a competitive and comprehensive compensation package. The base salary range represents the anticipated low end and high end of the range for this position. The actual compensation will be influenced by a wide range of factors including, but not limited to previous experience, education, pay market/geography, complexity or scope, specialized skill set, lines of business/practice area, supply/demand, and scheduled hours. On top of a competitive salary, great teams and exciting career opportunities, we also offer a wide range of benefits. Below are the minimum core benefits you’ll get, depending on your job level these benefits may improve: - Medical/dental/vision plans, which start from day one! - Life and accident insurance - 401(K) and Roth options - Tax-advantaged accounts (HSA, FSA) - Educational expense reimbursement - Paid parental leave Other benefits include: - Digital mental health services (Talkspace) - Flexible work hours (availability varies by office and job function) - Training programs - Gallagher Thrive program – elevating your health through challenges, workshops and digital fitness programs for your overall wellbeing - Charitable matching gift program - And more... **The benefits summary above applies to fulltime positions. If you are not applying for a fulltime position, details about benefits will be provided during the selection process. We value inclusion and diversity Click Here to review our U.S. Eligibility Requirements Inclusion and diversity (I&D) is a core part of our business, and it’s embedded into the fabric of our organization. For more than 95 years, Gallagher has led with a commitment to sustainability and to support the communities where we live and work. Gallagher embraces our employees’ diverse identities, experiences and talents, allowing us to better serve our clients and communities. We see inclusion as a conscious commitment and diversity as a vital strength. By embracing diversity in all its forms, we live out The Gallagher Way to its fullest. Gallagher believes that all persons are entitled to equal employment opportunity and prohibits any form of discrimination by its managers, employees, vendors or customers based on race, color, religion, creed, gender (including pregnancy status), sexual orientation, gender identity (which includes transgender and other gender non-conforming individuals), gender expression, hair expression, marital status, parental status, age, national origin, ancestry, disability, medical condition, genetic information, veteran or military status, citizenship status, or any other characteristic protected (herein referred to as “protected characteristics”) by applicable federal, state, or local laws. Equal employment opportunity will be extended in all aspects of the employer-employee relationship, including, but not limited to, recruitment, hiring, training, promotion, transfer, demotion, compensation, benefits, layoff, and termination. In addition, Gallagher will make reasonable accommodations to known physical or mental limitations of an otherwise qualified person with a disability, unless the accommodation would impose an undue hardship on the operation of our business.