Cyber Security Consultant

As a Senior Information Security Consultant, you advise and support organizations in designing, implementing, and optimizing their information security strategy, governance, and controls. You combine strong GRC expertise with hands-on security knowledge and act as a trusted advisor for management, security officers, and technical teams in complex and regulated environments.

Responsibilities

• Act as senior advisor on information security governance, risk management, and compliance
• Design, implement, and optimize security policies, processes, and control frameworks
• Lead or support ISO 27001 / NIST / COBIT / CIS implementations and audits
• Perform security risk analyses and translate business risks into actionable controls
• Provide expertise in at least one technical security domain (e.g. AppSec, PAM, vulnerability management)
• Support compliance with NIS2, ISO, and sector-specific regulations
• Document security processes and governance structures clearly and consistently
• Work closely with stakeholders at management and executive level

3. Simplified & Strong Requirements Profile

Must Have

• 5+ years experience as Information Security Consultant
• 5+ years experience in Information Security / Security Officer role
• Strong experience with:
• Security governance and operating models
• Security risk management
• Designing and maintaining security policy frameworks
• Analyzing, optimizing, and documenting security processes
• Proven experience with information security frameworks, such as:
• ISO 27000 series
• NIST
• COBIT for Security
• CIS Critical Security Controls
• OWASP
• Deep expertise in at least one security domain, such as:
• Application security
• Vulnerability management / penetration testing
• Privileged Access Management
• Encryption and key management
• Dutch language proficiency: CEFR C2 (native or near-native)

Nice to Have

• Experience with GRC tooling (Maiky, Vanta, Drata)
• Hands-on experience with:
• ISO 27001 certification trajectories
• NIS2 compliance
• CYFUN or sector-specific frameworks
• Certifications such as:
• CISSP (strong plus)
• CISM
• CEH