Overview
A dynamic opportunity for an experienced cybersecurity professional to step into a high-impact consulting role focused on security risk assessments and process design. This is a hands-on position requiring both tactical execution and strategic thinking to support the CISO and build a scalable framework for evaluating new internal and external solutions.
Key Responsibilities
* Security Risk Assessments:
  * Lead end-to-end security assessments for new systems and solutions, both internal and external.
  * Evaluate cloud configurations and system architecture against business needs and compliance requirements.
  * Profile risks related to data handling, system functionality, and overall security posture.
  * Recommend appropriate security controls and mitigation strategies to project teams.
  * Deliver clear, actionable feedback to support sign-off decisions, aligned with ISO standards and business context.
* Process Design & Standardization:
  * Develop and implement a repeatable process for assessing security risks in new projects.
  * Define when and how security should be engaged during project lifecycles.
  * Create templates, workflows, and reporting structures to ensure consistency and traceability.
  * Collaborate with cross-functional teams to embed security into project planning and execution.
  * Establish governance mechanisms to reduce ad hoc decision-making and improve audit readiness.
Challenges to Solve
* Frequent ad hoc requests for security sign-off without sufficient context or structure.
* Lack of a defined process for evaluating new projects from a security and risk perspective.
* Need for a scalable framework that balances compliance, business risk, and operational efficiency.
Required Experience & Skills
* Proven experience conducting security assessments in GxP-regulated environments across multiple organizations.
* Strong understanding of ISO 27001, NIST, and other relevant regulatory frameworks.
* Familiarity with emerging legislation such as NIS2 and its implications for enterprise security.
* Ability to tailor recommendations based on risk appetite, business culture, and data sensitivity, rather than rigid best practices.
* Deep knowledge of security controls including background checks, traceability, and repeatability aligned with compliance standards.
* Demonstrated success in process improvement, framework design, and working in ambiguous or evolving environments.
Ideal Candidate Profile
* Strategic thinker with hands-on execution capability.
* Comfortable working closely with senior leadership and technical teams.
* Able to operate independently while driving cross-functional alignment.