Cyber Security Consultant

• Master Degree + at least 9 years of relevant professional experience in Information Technology and at least 6 years of experience in cybersecurity risk management or a comparable information security role.

Minimum (4) of the following certifications, or internationally recognized equivalents:

• CISSP – Certified Information Systems Security Professional
• CISA – Certified Information Systems Auditor
• CISM – Certified Information Security Manager
• GSNA – GIAC Certified Systems and Network Auditor
• GCCC – GIAC Certified Critical Controls Certification
• ISO 27001 Lead Implementer
• ISO 27001 Lead Auditor
• ISO 27005 Risk Manager
• CAP – Certified Authorization Professional
• CRISC – Certified in Risk and Information Systems Control
• CISSP-ISSMP – Information Systems Security Management Professional
• GIAC Certified ISO-27000 Specialist
• Demonstrate knowledge and experience in conducting cybersecurity risk assessments and analyses to identify threats, classify assets, evaluate vulnerabilities, and define appropriate controls.
• Implement cybersecurity risk management frameworks, methodologies, standards, and guidelines, ensuring alignment with industry best practices.
• Support risk-informed decision-making for business owners, executives, and stakeholders.
• Promote awareness, adherence, and a risk-aware culture across the organization.
• Apply recognized risk management frameworks, methodologies, tools, and standards.
• Understand cyber threat landscapes, threat taxonomies, and vulnerability repositories.
• Evaluate risk treatment strategies, including risk mitigation, avoidance, transfer, and sharing options.
• Design, assess, monitor, and test the effectiveness of technical and organisational security controls.
• Analyse and consolidate organisational risk and quality management practices.
• Prepare and deliver reports, presentations, and recommendations to technical and managerial stakeholders.
• Conduct Business Impact Assessments (BIA).
• Implement risk assessment processes using ServiceNow GRC.
• Prepare personal data protection and privacy documentation.
• Use graphical and programmatic threat modelling techniques, including within DevOps environments.
• Design and implement Zero Trust Architecture principles.
• Apply Secure Software Development Lifecycle (Secure SDLC) practices.
• Design security controls for protecting Directory Services environments
• English proficiency at Level C1 or higher.