Introduction Welcome to Gallagher - a global community of people who bring bold ideas, deep expertise, and a shared commitment to doing what’s right. We help clients navigate complexity with confidence by empowering businesses, communities, and individuals to thrive. At Gallagher, you’ll find more than a job; you’ll find a culture built on trust, driven by collaboration, and sustained by the belief that we’re better together. Whether you join us in a client-facing role or as part of our brokerage division, our benefits and HR consulting division, or our corporate team, you’ll have the opportunity to grow your career, make an impact, and be part of something bigger. Experience a workplace where you’re encouraged to be yourself, supported to succeed, and inspired to keep learning. That’s what it means to live The Gallagher Way. Overview GCIS M&A Cybersecurity Analyst Job Description The M&A Cybersecurity Analyst is responsible for identifying, evaluating, and communicating cybersecurity risks associated with potential acquisition and merger partners. This role operates with a high degree of independence and serves as a trusted risk advisor to M&A leadership by translating complex and often incomplete technical information into clear, actionable risk insights that influence deal decisions and integration strategy. The analyst performs structured cybersecurity assessments, conducts investigative analysis of target environments, and develops risk-based recommendations that support informed decision-making throughout the due diligence and early integration lifecycle. Please note additional position details below: - This is a Temp-To-Hire, W-2 and T4 position. We cannot do 1099 or C2C or incorporation. - It is a fully remote role that will need to be based in the U.S or in Canada. - You must meet our U.S. and Canada Eligibility requirements for work authorization as noted under "Additional Information" at the bottom of the job description. How you'll make an impact Core Responsibilities - Lead and support cybersecurity risk assessments for acquisition targets across varying levels of maturity and technical complexity. - Analyze target IT environments to identify material security risks across infrastructure, applications, identity, cloud services, and historical incident activity. - Conduct open-source intelligence (OSINT) research to identify external exposures and breach - Apply established M&A cybersecurity evaluation methodologies to assess risk posture and highlight areas requiring remediation or enhanced monitoring. - Translate technical findings into clear, executive-level risk narratives and actionable recommendations. - Collaborate with M&A IT, divisional stakeholders, legal, and integration teams to validate findings and support remediation planning. - Provide regular assessment updates to M&A leadership and project teams, including emerging risks, mitigation progress, and residual exposure. - Identify recurring risk patterns across acquisitions and contribute to continuous improvement of due diligence methodologies and mitigation controls. - Support development of metrics, dashboards, and KPI reporting to improve visibility into assessment quality, risk trends, and program effectiveness. Key Job Elements - Review and interpret due diligence artifacts provided by acquisition targets and internal M&A IT teams. - Draft cybersecurity risk assessment memorandums that clearly articulate material risks, likelihood, and potential business impact. - Coordinate stakeholder reviews, approvals, and management action alignment for assessment deliverables. - Participate in peer review and quality assurance processes to maintain consistency and accuracy across assessments. - Recognize cross-deal trends and recommend enhancements to due diligence processes, tooling, and reporting. About you Required Qualifications - Bachelor’s degree in Information Security, Computer Science, Information Technology, Business, or related field (or equivalent experience). - 2 - 5 years of experience in cybersecurity risk assessment, due diligence, security consulting, vulnerability management, or related disciplines. - Working knowledge of cybersecurity principles across network security, endpoint security, cloud environments, identity, application security, and threat intelligence. - Strong analytical and critical thinking skills with the ability to prioritize risk with incomplete information. - Experience applying security frameworks and structured risk evaluation methodologies. - Excellent written communication skills with the ability to translate technical findings into clear business risk narratives. - Demonstrated ability to manage multiple concurrent efforts within fast-moving, deadline-driven environments. Preferred Qualifications - Experience supporting mergers and acquisitions, consulting engagements, or structured cybersecurity assessment programs. - Familiarity with investigative techniques such as OSINT research, cybersecurity incident history analysis, and external exposure discovery. - Exposure to cybersecurity governance frameworks (ISO, NIST, CIS) within assessment or advisory contexts. - Ability to evaluate security maturity and control effectiveness in environments with limited documentation or incomplete visibility. - Professional certifications such as CISSP, CRISC, CISM, or equivalent. #LI-NJ1 #Contingent #APintegration Compensation and benefits We offer a competitive and comprehensive compensation package. The base salary range represents the anticipated low end and high end of the range for this position. The actual compensation will be influenced by a wide range of factors including, but not limited to previous experience, education, pay market/geography, complexity or scope, specialized skill set, lines of business/practice area, supply/demand, and scheduled hours. On top of a competitive salary, great teams and exciting career opportunities, we also offer a wide range of benefits. Below are the minimum core benefits you’ll get, depending on your job level these benefits may improve: - Medical/dental/vision plans, which start from day one! - Life and accident insurance - 401(K) and Roth options - Tax-advantaged accounts (HSA, FSA) - Educational expense reimbursement - Paid parental leave Other benefits include: - Digital mental health services (Talkspace) - Flexible work hours (availability varies by office and job function) - Training programs - Gallagher Thrive program – elevating your health through challenges, workshops and digital fitness programs for your overall wellbeing - Charitable matching gift program - And more... **The benefits summary above applies to fulltime positions. If you are not applying for a fulltime position, details about benefits will be provided during the selection process. We value inclusion and diversity Click Here to review our U.S. Eligibility Requirements Inclusion and diversity (I&D) is a core part of our business, and it’s embedded into the fabric of our organization. For more than 95 years, Gallagher has led with a commitment to sustainability and to support the communities where we live and work. Gallagher embraces our employees’ diverse identities, experiences and talents, allowing us to better serve our clients and communities. We see inclusion as a conscious commitment and diversity as a vital strength. By embracing diversity in all its forms, we live out The Gallagher Way to its fullest. Gallagher believes that all persons are entitled to equal employment opportunity and prohibits any form of discrimination by its managers, employees, vendors or customers based on race, color, religion, creed, gender (including pregnancy status), sexual orientation, gender identity (which includes transgender and other gender non-conforming individuals), gender expression, hair expression, marital status, parental status, age, national origin, ancestry, disability, medical condition, genetic information, veteran or military status, citizenship status, or any other characteristic protected (herein referred to as “protected characteristics”) by applicable federal, state, or local laws. Equal employment opportunity will be extended in all aspects of the employer-employee relationship, including, but not limited to, recruitment, hiring, training, promotion, transfer, demotion, compensation, benefits, layoff, and termination. In addition, Gallagher will make reasonable accommodations to known physical or mental limitations of an otherwise qualified person with a disability, unless the accommodation would impose an undue hardship on the operation of our business.

• Conduct security audits on systems to identify risks, address vulnerabilities, and strengthen security measures. • Perform security assessments for new and existing tools, services, and integrations, identifying potential risks and providing clear requirements and recommendations. • Collaborate with business and technical owners to define the intended purpose of a tool, the data it stores, and its associated security risks. • Review access requirements as part of tool and integration security assessments, ensuring permissions are granted on a need ‑ to ‑ know basis. • Develop and maintain corporate security policies and guidelines related to software and technology usage. • Support and enhance governance processes to ensure security and compliance.

Role Description Visual Soft, Inc is seeking qualified candidates to work on our efforts with a Prime for their end customer, a federal agency. - Position: SOC - Security Analyst (US Citizenship is a MUST) - (fully REMOTE with first 2 weeks onsite training in Shift 1- 8 AM to 5 PM) - Location: Washington, DC, next to Union Station metro - Compensation: Based on certifications, education and experience, very competitive - Various Shifts available. SHIFT TIMINGS: 3rd SHIFT- M-F 11PM-7:30AM The SOC Analyst has the primary responsibility of aggressively monitoring and responding to alerts triggered in the SIEM tool or requests for assistance from customers. The SOC Analyst will use a variety of tools to investigate incidents and take immediate action or recommend a course of action to safeguard the U.S. Courts systems. The SOC Analyst works as Tier 1/2 support and will be under a senior SOC analyst/shift lead for review before completing event notation to assure correctness in reviews. Events that require over 15 minutes of analysis are to be escalated to the Seniors on shift for analysis. Qualifications - Minimum of two (2)+ years of hands-on network intrusion detection experience with 3-5 years of total experience. - Ability to investigate and evaluate network traffic. - Ability to read and interpret log and sniffer packets, Wireshark. - Ability to analyze data from a variety of sources over time and create a logical narrative of observed behavior. - Ability to communicate clearly both orally and in writing. Requirements - Prior or ongoing experience (2+ yrs) of working in a SOC environment is a MUST. - First two (2) weeks will be on Shift 1, 8 AM to 5 PM for training; following that, the selected candidate will be moved to Shift 3. - Candidate will have 2+ years of hands-on performing intrusion detection analytics working with the examination of logs and console events in the following areas: Splunk, examining Snort based IDS events, PCAP, web server log review, and working in a SIEM environment. - Education Requirement: High School diploma preferred, industry certifications are desired such as CEH or Security+ or other industry certifications. - Clearance requirement: U.S. Citizenship is required. Benefits - 3 weeks of Paid time off (PTO that includes sick leave). Any unused PTO will be issued as a check at the end of an employee's anniversary with us. - 2 floating and 8 public holidays. Floating and holidays expire at the end of every year of service of an employee. - Company will cover 50% of health and dental insurances only for all full-time employees; dependents can be added at extra cost. - Employee's health and dental coverage becomes effective after 30 days or first of the month after an employee completes initial 30 working days. - STD, LTD and one-time salary equivalent of life insurance at NO cost to all full-time employees. - All full-time employees or W-2 employees with no benefits will be eligible to participate in the company's 401k program after 90 days of employment with a company match of 4%, immediate vesting. - All W-2 employees are eligible to be part of the company's profit sharing, no employee contributions required.

Role Description We are seeking a Junior ISRM Threat Analyst to support the organization’s cybersecurity operations by monitoring, analyzing, and responding to potential security threats. This is an entry-level opportunity ideal for candidates looking to gain hands-on experience in incident response, threat analysis, and security operations while working alongside experienced cybersecurity professionals. Key Responsibilities - Threat Monitoring & Analysis - Monitor SIEM, IDS/IPS, and other security tools for potential threats - Analyze security logs and alerts to detect suspicious activity - Research emerging threats, vulnerabilities, and attack vectors - Assist in maintaining and updating threat intelligence feeds - Incident Response Support - Assist in investigation and containment of security incidents - Collect and document evidence related to incidents - Follow established incident response procedures and playbooks - Support post-incident analysis and reporting - EDR Administration - Support management of enterprise EDR tools - Assist with deployment and testing of configurations and sensors - Collaborate with IT teams to troubleshoot endpoint security issues - Threat Hunting - Assist senior analysts in proactive threat hunting activities - Use threat intelligence tools to identify risks - Document findings and contribute to reports - Reporting & Documentation - Prepare security reports and presentations - Maintain accurate documentation of incidents and vulnerabilities - Contribute to security awareness materials - Continuous Learning - Stay updated on latest cybersecurity threats and best practices - Participate in training and pursue relevant certifications Qualifications - Bachelor’s degree in Information Systems, Cybersecurity, or related field - Basic understanding of cybersecurity concepts and tools - Knowledge of SIEM, IDS/IPS, and endpoint security tools - Strong analytical and problem-solving skills - Good written and verbal communication skills Preferred Skills - Familiarity with EDR tools - Network security fundamentals - Operating systems (Windows, Linux, macOS) - Exposure to threat intelligence platforms - Incident response processes - Basic knowledge of TCP/IP, networking, and security protocols - Vulnerability management concepts Nice-to-Have Certifications - CompTIA Security+ - CEH (Certified Ethical Hacker) - GSEC or similar entry-level cybersecurity certifications