
Information Security Consultant
Posted May 6

• Providing guidance on the creation and enhancement of Information Security Management Systems (ISMS) and Business Continuity Management Systems (BCMS) across a range of industries and organizational sizes.
• Advising on the adoption and implementation of regulatory mandates such as the BSI Act, the KRITIS umbrella law, and the Digital Operational Resilience Act (DORA), among other standards.
• Planning and carrying out risk assessments and risk treatment, keeping them manageable through KPIs, roadmaps, and prioritization.
• Crafting frameworks and governance documents for clients operating in regulated fields, including KRITIS, NIS-2, and the KRITIS umbrella law.
• Conducting internal audits and assisting our clients in preparing for certification to ISO 27001 and/or TISAX.
• Developing and implementing emergency and incident response drills.
• Engaging in internal projects, organizing our collective expertise within the firm, and advancing our consulting methodologies.
• A minimum of 3 years of hands-on experience in management consultancy with a focus on information and IT security issues.
• A university degree or equivalent qualifications in one or more relevant fields, such as IT security, (business) informatics/computer science, business administration, or security management.
• Proficient knowledge of standards and methodologies including ISO 27001, ISO 22301, and TISAX.
• Optional knowledge of ISO 27031, DORA, BSI IT-Grundschutz, etc.
• Desirable (but not mandatory): CISM/CISA certification, ISO 27001 Auditor qualification, experience as an external CISO/ISB, IT-Grundschutz practitioner/consultant, Certified ITSC-Manager, etc.
• Excellent proficiency in German and good command of English.
• Participation in a corporate fitness program.
• Team-building events: Because “we” signifies more than just a term.