OLM Consultants

Information Security Governance Consultant

Luxembourg · Full-time · Mid-Senior

A trusted advisory and technology integration firm specializing in cybersecurity and the protection of digital assets, the organisation has been supporting businesses since 2012. Based in the Grand Duchy of Luxembourg, it provides end-to-end security solutions, guiding clients through the entire lifecycle of their information systems.

By combining strategic consulting with technical expertise, the organisation plays a pivotal role in securing IT environments, ensuring regulatory compliance, and strengthening cyber resilience. With a client-centric approach, it offers tailored solutions that integrate seamlessly into business operations, making it a key partner in cybersecurity strategy, governance, and risk management.

Role Overview

As an Information Security Governance Consultant, you will join a multidisciplinary team working with CISOs, IT teams, and business leaders to enhance cybersecurity strategies, implement governance frameworks, and ensure compliance with international standards such as ISO 27001, NIST CSF, CIS 20, and SWIFT. Your mission will be to assess security maturity, identify risks, and recommend strategic improvements, helping organisations strengthen their overall cybersecurity posture.

Key Responsibilities

  • Define security governance strategies and establish short-, medium-, and long-term security programs for clients.
  • Assess information security risks, propose mitigation measures, and ensure alignment with industry best practices.
  • Implement and maintain governance frameworks, including security policies, incident management plans, and resilience strategies (BCP/DRP, crisis management, etc.).
  • Assist clients in achieving compliance with GDPR, ISO 27001, NIST CSF, CSSF, and other security regulations.
  • Provide CISO advisory services, supporting security teams in maturity assessments, audit preparation, and risk management initiatives.
  • Collaborate with IT and business teams to bridge the gap between cybersecurity risks and business objectives.
  • Participate in internal and external training sessions to stay up to date with evolving cybersecurity threats and governance trends.

Ideal Candidate Profile

The role is ideal for a cybersecurity professional passionate about governance, risk, and compliance. Candidates should have a structured approach to risk management and a solid understanding of security frameworks and best practices.

  • Engineer-level education or equivalent experience in information security, governance, or risk management.
  • Strong understanding of how governance structures impact cybersecurity strategy within organizations.
  • Familiarity with SCADA environments and cybersecurity standards such as ISO 27001, NIST CSF, CIS 20, and SWIFT.
  • Relevant certifications such as CISSP, ISO 27001 Lead Implementer/Auditor, ISO 27005 Risk Manager, CISM, or willingness to obtain them.
  • Strong analytical and problem-solving skills with the ability to assess and implement security measures in real-world environments.
  • Excellent communication and interpersonal skills, capable of engaging with C-level executives, CISOs, IT teams, and business stakeholders.
  • Fluent in French (C1-C2 level) and proficient in English (B1 or higher).

Why Join Us?

This is an opportunity to work in a challenging yet rewarding environment, where your expertise will directly contribute to the security and resilience of leading organizations. The organisation values innovation, collaboration, and professional development, offering:

  • Competitive salary with a performance-based bonus.
  • Company car or leasing budget, plus a fuel card.
  • Comprehensive health insurance covering dental, hospitalization, and vision.
  • Flexible remote work options, depending on the country of residence.
  • Pension plan contribution of 1,000€/year.
  • Corporate benefits including meal vouchers, training programs, and a corporate discount card (Sympass).
  • Continuous training opportunities to enhance your cybersecurity expertise.

Skills: risk, incident management, communication, iso 27001, compliance, information security governance, gdpr, bcp/drp, analytical skills, information security awareness, swift, risk management, cybersecurity, it, nist csf, cis 20, security, interpersonal skills, information security

Posted: Mar 17, 2025
Type: Full-time
Level: Mid-Senior
Location: Contern
Industries: Business Consulting Services
Categories: Information Technology
