Cyber Security Consultant

ICT Security & Risk Management Consultant – Luxembourg

Location: Luxembourg (onsite/hybrid)

Duration: Long-term contract

Citizenship: EU nationality required

Overview

Our client in Luxembourg is seeking an experienced ICT Security & Risk Management Consultant to support their cybersecurity and governance framework.

The role focuses on improving organisational resilience through effective risk management, maintaining risk registers, supporting incident response, and ensuring compliance with internal security controls.

Key Responsibilities

• Risk Management & Governance:
• Maintain and update the organisation’s Risk Register and related Action Plans.
• Identify, assess, and monitor cybersecurity risks and internal controls.
• Track progress on mitigation actions and ensure proper documentation.
• Cybersecurity Assessments & Reporting:
• Coordinate information collection from multiple business and technical units.
• Perform data validation, risk analysis, and prepare detailed technical reports.
• Draft and track cybersecurity recommendations and ensure follow-up.
• Incident & Forensics Support:
• Contribute to security incident investigations and forensic analysis.
• Produce clear post-incident documentation and recommendations.
• Collaboration & Communication:
• Liaise with internal stakeholders to ensure alignment on cybersecurity initiatives.
• Prepare reports, presentations, and updates for management and technical teams.

• Must-Have Experience & Qualifications
• Education:
• Master’s degree in Computer Science, Information Security, or a related discipline.
• Professional Experience:
• Minimum 6 years of relevant professional experience in ICT security.
• At least 3 years in ICT Security Management, including:
• ISMS implementation (ISO 27001 or equivalent).
• Development and enforcement of security policies and standards.
• Risk assessment and internal control monitoring.
• At least 2 years as a team or project leader on security-related initiatives.
• Strong experience in risk governance, incident response, and security reporting.
• Certifications:
• At least one professional security certification (e.g. CISSP, CISM, ISO 27001 Lead Implementer/Auditor, CEH).
• Technical & Soft Skills:
• Strong analytical and organisational skills, with attention to detail.
• Excellent communication skills and ability to create structured documentation.
• Able to work independently, under pressure, and manage multiple priorities.
• Proven leadership and stakeholder coordination experience in multilingual environments.