Security & Risk Management Consultant

WithSecure™ protects businesses all over the world from modern threats. We do this through a Co-security approach born from first-hand knowledge that no one can solve every cyber security problem alone. Every single day, our diverse, growing team fights against online extortion, threats to national infrastructure, the unlawful spread of sensitive information, and everything in-between. The best part about working for WithSecure is our people! We are a community of dedicated and passionate professionals that take workplace happiness seriously. If you’re looking for something that’s more than just a job – we’d love to hear from you.

Are you passionate about cyber security? Do you enjoy supporting organizations to develop their cyber resilience? Do you know how to conduct risk assessments and how to bring business and IT together to collaborate on cyber security – or do you understand how OT security posture affects the business? Then you should come work with us at WithSecure!

We are looking for a Security and Risk Management Consultant to join our Consulting Team in the exciting adventure of improving the information security posture and cyber resilience of our clients.

Working as a Security and Risk Management Consultant is characterized by trust. We strive for long term client-relationships and to be THE trusted information security advisor for our clients. Our vision is to provide the most qualified cyber advisory to our clients, adapted to suit their specific preconditions, so that the client improves their effective security posture, and their risks are mitigated. We help our clients by prioritizing where to focus their budgets to optimize their return on cyber security investments in their quest for cyber resilience.

Located in our office in Copenhagen, you will take an active part in our company’s goal to deliver research-driven cyber security to protect organizations, society, and individuals from real-world threats. Our team is a diverse and talented mix of technical and creative experts, dedicated to pushing the boundaries of the industry with innovative thinking. We pride ourselves on fostering an environment rich in fun, collaboration, and continuous learning. Here, you will lead your own development and play a key role in shaping a workplace that you will proudly call home.

Key Responsibilities

• performing cyber security gap assessments for clients across a variety of domains, including finance, operational technology (OT), critical infrastructure, and cloud service providers.
• performing PCI DSS assessments and building PCI DSS programs for clients
  defining cyber risk mitigation strategies
• establishing information security governance frameworks
• advising on security objectives and risk appetite, security strategy and budget developing and maintaining good, long-term relationships with the client and their stakeholders, including business, IT, product management and software development organizations
• being an upstanding colleague! Supporting  other team members (maybe even by mentoring) and enabling us to succeed collectively.
  
  

What are we looking for?

• Ideally you have 3-5 years of professional experience within information security with a suitable educational background.
• your current role is probably an information security consultant, CISO, security manager, security architect, information security auditor, or similar
• you have a track record of successful security and/or risk      management experience
• you are proficient in English
• you are experienced in some of the following fields:
  security improvement programs
  information security frameworks, such as CIS18, NIST CSF, ISO 27001, PCI DSS, ISA/IEC 62443 and others, including national frameworks
• legal requirements for information security, such as NIS, GDPR, and national legislation
  threat modelling
• cyber maturity assessment and IT audit
• governance, risk and compliance
• privacy assessments
  
  

Bonus points

• Recognized certifications within risk, security and privacy management, especially PCI QSA, but also CISSP, CISM, ISO27001 Lead Implementor, CISA, or CRISC.
• Previous consulting experience and strong network in industry.
• Experience with agile process models and different flavours of software development lifecycles are a plus
• technical architecture skills (including cloud architecture) are a plus
• software development/SDLC competence and experience from assisting organizations in their journey to shift left as well as practical security engineering experience.
• Understanding and speaking Danish
  
  

What will you get from us

• 1 to 1 coaching and mentorship sessions led by seasoned and well-respected industry-leading professionals
• The opportunity to be involved in service development to shape the services we deliver to our clients to be aligned with future market needs
• Access to our state-of-the-art bespoke training platform
• Classroom-based learning sessions and the opportunity to attend external training courses and security conferences
• Opportunities to push the industry forward through research using our blogs, talks, white papers and by participating at industry events
  
  

As part of the WithSecure Consulting team you will be working with some of the best security people in the world with a wide variety of passions and skills. We've been working years to acquire and retain highly skilled individuals – many of those who have left the team, have later returned after a brief stint elsewhere. If you like helping companies to improve their information security posture and cyber resilience, and challenge conventional wisdom, WithSecure Consulting has got your back.