Security and Risk Management Consultant

Job Description

Are you passionate about cyber security? Do you enjoy supporting organizations to develop their cyber resilience? Do you know how to conduct risk assessments and how to bring business and IT together to collaborate on cyber security? We at WithSecure would want to work with you!

We are looking for a Security and Risk Management Consultant to join our consulting team in the exciting adventure of improving the information security posture and cyber resilience of our clients.

Key Responsibilities

We assist our clients in their information security needs on strategical, tactical and operational level. Your responsibilities within the assignments would be:

• Performing risk assessments
• Defining risk mitigation strategies
• Establishing information security governance frameworks
• Advising on security objectives and risk appetite, security strategy and budget

• Developing and maintaining good, long-term relationships with the client and their various stakeholders, including business, IT, product management and software development organisations

• Being an upstanding colleague!

What are we looking for?

• 2-5 years of professional experience within information security with a suitable educational background.
• Your current role is probably an information security consultant, CISO, security manager, security architect, information security auditor, or similar.
• You have a track record of successful security and/or risk management experience.

Experience within some of the following fields is desired

• ISO/IEC 27001
• Security improvement programs
• Information security frameworks, such as CIS, NIST, PCI DSS and others, including national frameworks
• Legal requirements for information security, such as NIS, GDPR, and national legislation
• Risk assessment and threat modelling
• Proven skills to work with roles within software development, such as technical architects, software developers and product management, on their terms
• Cyber maturity assessment and IT audit
• Governance, risk and compliance
• Fluent Finnish and English, both spoken and written

Bonus points

• Recognized certifications within risk, security and privacy management, IT management and project management are a plus, but not a requirement. For example CISSP, CISM, ISO27001, CISA and OSCP
• Experience of agile process models and different flavours of software development lifecycles are a plus
• Technical architecture skills (including cloud architecture) are a plus

What will you get from us

• 1 to 1 coaching and tutorship sessions led by seasoned and well-respected industry-leading professionals
• Access to our state-of-the-art bespoke training platform
• Classroom-based learning sessions and the opportunity to attend external training courses and security conferences
• Opportunities to push the industry forward through research using our blogs, talks, white papers and by participating at industry events

As part of the WithSecure Consulting team you will be working with some of the best security people in the world with a wide variety of passions and skills. We've been working years to acquire and retain highly skilled individuals – many of those who have left the team, have later returned after a brief stint elsewhere. If you like helping companies to improve their information security posture and cyber resilience, and challenge conventional wisdom, WithSecure Consulting has got your back.

See yourself here? Bring your best self and apply now!

A security background check will be conducted for the selected candidate, in accordance with the Finnish Security Clearance act 726/2014.