Information Security Consultant (Full-Time, Remote)
About Riskora Consulting
We are Riskora Consulting — a small but passionate team of like-minded professionals who truly care about IT compliance and security.
Our mission is simple: to make complex compliance frameworks easy and accessible. We believe that compliance shouldn’t be scary, boring, or expensive.
We help companies achieve or maintain certifications and frameworks such as ISO 27001, ISO 27701, SOC 2, GDPR, PCI DSS, DORA, MiCA, and more — empowering them to build secure, trustworthy systems and meet regulatory expectations with confidence.
Job Description:
We’re looking for a full-time Information Security Consultant to join our growing team and act as a vCISO / Regulatory Security Advisor for one of our clients operating within the European Union.
This is a remote, compliance-first, regulator-facing role — perfect for a seasoned security or compliance professional who thrives on structure, documentation, and communication with supervisory authorities rather than technical infrastructure work.
You will serve as the primary liaison for regulatory compliance in security-related matters, ensuring ongoing alignment with EU cybersecurity and operational resilience frameworks (including DORA, MiCA, NIS2, and GDPR).
You will collaborate with our client’s global security, legal, and compliance teams to maintain a robust Information Security Management System (ISMS), manage regulatory obligations, and oversee risk management activities.
Key Responsibilities:
- Ensure ongoing compliance with cybersecurity and resilience requirements under EU and national financial regulations (DORA, NIS2, GDPR, EBA Guidelines).
- Act as the primary contact point for regulators, supporting audits, inspections, and formal communications.
- Maintain and enhance a local ISMS aligned with global standards (ISO 27001, SOC 2, NIST).
- Conduct and document security risk assessments, treatment plans, and incident reports.
- Oversee preparation and review of security governance documentation, including policies, procedures, and SoA (Statement of Applicability).
- Identify and escalate regulatory or compliance risks through established risk management channels.
- Provide guidance to senior management and report on compliance posture, incidents, and audit findings.
- Collaborate with global security and legal teams to ensure consistency and adherence to international frameworks.
- Participate in the internal CISO Council to share best practices and drive continuous improvement.
Key Requirements:
- Minimum 5 years of experience in information security, risk management, or compliance roles.
- Proven track record working directly with financial regulators or supervisory authorities within the EU.
- Solid understanding of EU regulatory frameworks, including DORA, NIS2, EBA Guidelines, ISO/IEC 27001, SOC 2, and the NIST Cybersecurity Framework.
- Experience building and maintaining ISMSs, conducting internal audits, and preparing for external certification or regulatory reviews.
- Strong skills in risk identification, control assessment, and compliance documentation.
- Exceptional communication and stakeholder management skills, with the ability to translate regulatory requirements into practical controls.
- Fluent in English (written and verbal).
Preferred Certifications:
- CISM – Certified Information Security Manager
- CRISC – Certified in Risk and Information Systems Control
- ISO/IEC 27001 Lead Auditor or Lead Implementer (PECB or equivalent)
- Other certifications in DORA, GDPR, or risk management are a plus
What We Offer:
- Full-time remote engagement
- Competitive compensation based on experience
- A flexible and trust-based work culture — results matter more than hours
- Collaboration with a supportive, highly skilled, and international team of security professionals
- The opportunity to shape security governance for regulated fintech and financial services companies across Europe
- Continuous learning support and discounted certifications (ISO 27001 LA/LI, DORA, MiCA, and more)

