SR2 | Socially Responsible Recruitment | Certified B Corporation™
Cyber Security Consultant
Germany | 12 hours ago
Full-time | Remote Friendly | Information Technology

Senior Security Consultant – Financial Services (Germany)


We build security that survives audits and real attacks. If you can move a bank from “we should” to “we did,” keep reading.


Why this role exists

German banks and insurers are modernizing fast, and the threat surface is outpacing governance. We need a senior consultant who can translate regulatory pressure and technical reality into defensible architectures, measurable controls, and calm stakeholders.


What you’ll own

  • Client outcomes: Raise the organization’s security posture with practical controls, not just paperwork. You’ll design, implement, and tune.
  • Advisory & reviews: Run targeted assessments; turn findings into a 90-day remediation plan with budgets, owners, and KPIs.
  • Identity & privilege: Make IAM/PAM boring and reliable—policies, RBAC/ABAC, joiner-mover-leaver, break-glass, session monitoring.
  • Detection & response: Stand up or uplift SOC/SIEM use cases, onboarding, triage playbooks, and metrics (MTTD/MTTR).
  • Cloud guardrails: Land secure-by-default patterns in Azure/AWS/GCP (networking, identities, secrets, logging, data protection).
  • Regulatory mapping: Convert German/EU supervisory IT requirements into technical backlog items and audit-ready evidence.
  • Team leadership: Be the subject-matter lead in agile project squads; mentor consultants and guide delivery quality.


How you’ll work

Hybrid/remote within Germany with client travel when the work actually benefits from it. You’ll have latitude to pick methods and tools, so long as results are tangible and auditable.


Must-have credentials

  • Track record: 5–8+ years delivering security outcomes in banking/insurance digitization programs.
  • Hands-on depth: You’ve implemented controls—identity, privileged access, logging, alerting, encryption, network segmentation—not just advised.
  • Standards fluency: ISO 27001 and NIST CSF are tools you can wield, not wall art.
  • Regulatory context: Comfortable translating German and EU supervisory IT expectations (e.g., banking/insurance IT requirements and operational resilience rules) into engineering tasks and evidence.
  • Languages: German (C1+) and English (professional working).
  • Client presence: You can challenge thinking, hold the line on risk, and still keep the room.


Nice-to-have signals

CISSP/CISM/ISO 27001 Lead Implementer/Lead Auditor; experience with Azure AD/Entra, AWS Organizations, GCP IAM; Splunk/QRadar/Sentinel/Elastic; Terraform/Policy as Code; secrets management; data protection in cloud (KMS/HSM, tokenization).


What you’ll get

  • Real autonomy: Ownership of outcomes and the space to design how to achieve them.
  • Growth platform: Mentoring, paid certifications, and access to modern stacks.
  • Flexible rhythm: Core collaboration hours; remote-first with purposeful onsite time.
  • Community: A senior bench that shares patterns, not slideware.
