Information Security Consultant

Role: Freelance B2B/ Junior Cybersecurity GRC Consultant

Contract Type: Long-term project

Start Date: January 2026

Location: Luxembourg (primarily on-site, limited remote possible)

Eligibility: EU nationality required

Language: English (C2), French (minimum B1)

Role Overview

We are seeking a Junior Cybersecurity GRC Consultant to support IT and information security governance activities. The consultant will contribute to regulatory compliance, risk management, security documentation, and awareness initiatives aligned with EU cybersecurity frameworks and internal digital strategies.

The role sits within an established IT Security team and focuses on strengthening governance, risk, and compliance processes while supporting day-to-day operational security activities.

Key Responsibilities

IT Security Risk Management

• Support preparation and updates of IT security risk assessments using structured risk methodologies
• Maintain risk registers and supporting documentation using GRC tools

Security Governance & Documentation

• Assist in drafting and updating IT Security Plans, procedures, and guidelines
• Contribute to alignment with EU and international security standards

Audit & Compliance Support

• Prepare documentation for audits, controls testing, and security certifications
• Support compliance with recognised IT security frameworks and standards

Monitoring & Reporting

• Monitor compliance status and report on security posture and gaps
• Support tracking of mitigation actions and risk treatment plans

Awareness & Training

• Develop cybersecurity awareness materials and internal documentation
• Support delivery of training sessions and awareness campaigns

Operational Security Support

• Assist with identity and access management processes
• Support incident reporting, ticket handling, and security tooling integration

Project & Coordination Activities

• Support planning, tracking, and reporting of security-related activities
• Organise meetings, follow up on actions, and maintain documentation
• Required Profile

Education

• Minimum EQF Level 5 (post-secondary education)

Technical Knowledge

• Basic knowledge of IT security policies, standards, and controls
• Familiarity with one or more of the following:
• ISO 27001 / ISO 27000 series
• NIST frameworks
• IT Security Risk Management (ITSRM)
• IT service or project management methodologies (e.g. ITIL, PM2)

Certifications (at least one preferred)

• CompTIA Security+
• ISO 27001 Foundation
• CISA / CISM / CISSP (or progress towards)
• CEH or equivalent security certification

Soft Skills

• Comfortable working in international and multicultural environments
• Strong documentation and organisational skills
• Discretion and professionalism when handling sensitive information