Information Security (DORA) Consultant

We are seeking an experienced Cybersecurity Consultant with expertise in DORA (Digital Operational Resilience Act) compliance to support a financial services organization in meeting regulatory requirements. This freelance role involves assessing, advising, and implementing cybersecurity and operational resilience strategies to ensure compliance with DORA and related regulations. The consultant will collaborate closely with the internal IT team and report to the Head of IT.

Key Responsibilities

• DORA Compliance Advisory: Provide expert guidance on aligning cybersecurity frameworks, IT risk management, and operational resilience strategies with DORA requirements.
• Gap Analysis & Risk Assessment: Conduct assessments to identify gaps in existing cybersecurity and ICT risk management practices.
• Policy & Framework Development: Assist in developing ICT risk management, incident reporting, third-party risk management, and business continuity frameworks.
• Incident Response & Crisis Management: Support in establishing incident reporting mechanisms aligned with DORA mandates.
• Testing & Simulation: Work with third-party suppliers to ensure penetration testing, vulnerability assessments, and operational resilience testing meet regulatory standards.
• Regulatory Reporting & Documentation: Prepare compliance reports and ensure proper documentation for audits and regulatory scrutiny.

Qualifications & Experience

Required Experience & Skills

• 5+ years of relevant experience in cybersecurity, IT risk management, or operational resilience within financial services.
• Proven technical expertise in cybersecurity, vulnerability assessment, monitoring tools, logging tools, and access management tools.
• Strong knowledge of DORA, NIS2, GDPR, EBA/ECB ICT risk guidelines, and ISO 27001/27005.
• Experience with cyber risk assessments, business continuity planning (BCP), disaster recovery (DR), and incident response.
• Familiarity with cybersecurity frameworks such as NIST, CIS, ISO 27001, MITRE ATT&CK.
• Ability to engage with regulators, auditors, and senior stakeholders to explain compliance strategies.

Preferred Experience & Skills

• Knowledge and experience with Azure infrastructure tenant solutions.
• Experience with ServiceNow.
• Experience working with European financial regulators or internal audit teams on DORA-related projects.

Soft Skills & Business Experience

• Strong ability to develop and document clear information security processes and procedures.
• Experience collaborating with third-party suppliers.
• Excellent communication and presentation skills (written and oral) adapted to different audiences.
• Ability to work independently with a proactive and goal-oriented approach.
• Strong analytical and problem-solving skills, with attention to detail.
• Ability to manage pressure and deadlines effectively.
• Comfortable working in a dynamic and multicultural environment.

How does this sound to you?