
Senior Consultant, ISMS & Regulatory Compliance
Posted 1 day ago

This is a fully remote position, open to applicants in Germany.
• You will contribute to the establishment of a new practice currently in development.
• As one of the initial members, you will collaborate with our Managing Partners to define the portfolio and successfully win and deliver the first major mandates.
• You will take responsibility for consulting projects involving ISO 27001, NIS2, TISAX, and DORA for clients in various sectors such as industry, automotive, healthcare, and critical infrastructure.
• Your role will include designing and continuously enhancing Information Security Management Systems (ISMS), which encompasses risk management, identifying protection needs, action planning, and providing audit support.
• You will conduct gap assessments, maturity analyses, and third-party risk evaluations.
• Preparation and support during certification and surveillance audits will be part of your responsibilities.
• You will provide advisory services to CISOs, Data Protection Officers, and executive leadership as a trusted peer and advisor.
• Active involvement in the development of the PEC cybersecurity portfolio: method development, tool selection (HiScout, verinice, ServiceNow GRC), and the creation of reusable frameworks and templates.
• Technical development and mentoring of junior consultants will be expected as the team expands.
• You will serve as a sparring partner for our Managing Partners on strategic account and proposal matters.
• Expect no monotony — you will engage in stimulating tasks on challenging projects with international top-tier companies!
• A minimum of 5 years of professional experience in ISMS and GRC consulting, ideally enhanced by audit experience or in-house experience within a corporate group.
• Strong understanding of ISO 27001 and at least one additional framework such as NIS2, TISAX, DORA, or NIST CSF.
• Familiarity with BSI IT-Grundschutz is a plus.
• Hands-on experience with ISMS tools like HiScout, verinice, or ServiceNow GRC.
• Certification as an ISO 27001 Lead Auditor or Lead Implementer is required.
• Additional certifications such as CISSP, CISA, CRISC, or CISM are advantageous.
• Experience in conducting risk and security assessments, identifying protection needs, and preparing audit-ready documentation.
• A confident presence at the management level along with excellent communication skills.
• Ideally, you will have experience in DevSecOps, cloud security, or technical security consulting as complementary skills.
• Proficiency in business-fluent German and very good English is necessary.
• A strong desire to actively contribute to building a business area rather than operating within established frameworks is essential.
• A pioneering role with genuine opportunity to shape: you will influence the portfolio, methodology, and team dynamics.
• Direct reporting to our Managing Partners, ensuring no hidden layers of hierarchy.
• An individual training budget for certifications (ISO 27001 Lead Auditor, CISSP, CISA, CRISC).
• Flexible working arrangements, including remote work options, with offices located in Stuttgart, Frankfurt, Wolfsburg, Bremen, and London.
• Extensive training and personalized certification opportunities.
• Empowered by Trust! We believe in you. You will enjoy a high degree of freedom to grow, initiate your own projects, and shape your role.
• Remote work, flexible hours, and attractive corporate benefits.
• Comprehensive PEC onboarding — featuring a personal buddy, monthly newcomer events, and professional training.
• Regular company events to foster a collaborative culture.