Information Security Governance Consultant

Master degree
- Engineer level or equivalent
- Understand how governance can structure an information security approach
- SCADA environments familiarfamiliar with security standards (ISO 27001, NIST CSF, CIS 20, SWIFT, etc.);
- Certifications such as CISSP, ISO27001 Lead Implementer / Lead Auditor, ISO27005 Risk Manager, CISM, etc;
- Level required in French: fluent to native (written and oral) equivalent to C1 -C2;
- English level required: good (written and oral) equivalent to minimum B1.

As part of a dynamic and passionate team, you will have the opportunity to fully invest yourself, to innovate and to create in the fields of expertise we deal with. Listening is one of our key values, which helps everyone feel integrated within our company family. Understanding our business as well as the challenges our customers face is a continuous need. This is why you will regularly take part in workshops, training sessions and events to update your knowledge. We will also help you level up your skills by positioning you on great and challenging projects adapted to your profile.

Be part of a great team

As an Information Security Governance Consultant, you will be part of a multidisciplinary team and you will work in the Information Security Governance department. The team is made of experienced and junior consultants with a mix of specialties proper to each consultant. The team is in charge of information security governance consulting and support. We also provide services in the following areas:
Definition of an organization’s security strategy and establishment of its short, medium and long-term security program;
Management and organization of information security and establishment of the governance framework (security policies);
Information security risk management;
Resilience support (BCP/DRP, incident management, cyber crisis management, etc.);
Cloud services security;
Support for regulatory compliance (GDPR, CSSF, etc.) and standards compliance (ISO 27001, NIST CSF, CIS 20 certification);
CISO support or CISO function within an organization take-over;
Information security maturity assessment and audit.

The objective of the services provided by the Information Security Governance team is to understand and analyze the business needs of our clients and to decline them into Information Security requirements. Therefore, the team is able to assist clients in their maturity increase through the different approaches defined within the department.

Your mission as an Information Security Governance Consultant:
As an Information Security Governance consultant, mostly known as ISG, you will first need to have a structured risk approach and a good knowledge of the implementation of security measures in organizations. Your main objective will be to assist our clients in the implementation of their strategy by identifying the security projects to be initiated, assessing the maturity of controls and advising the choice of treatment to be adopted regarding the risks organizations are facing. The objective is to make information security a determining element in the value of the company while being pragmatic with the realization of the field.

Profil recherché:
Master degree
You are passionate about Information Security and have the ambition to work in the governance aspects of the business. From an engineer level or equivalent, you possess the necessary knowledge to manage Information Security and its risks.

Your skills as an Information Security Governance Consultant
You understand how governance can structure an information security approach;
You are constantly on the lookout for issues related to cybersecurity;
You communicate with ease and you know how to convey clear messages to different interlocutors (Management, CISO, IT, Business, etc.);
You have strong writing and analytical skills;
You propose structured approaches and are organized in your work;
You are able to step back from a problem and have a long-term vision of how to address it;
You are familiar with security standards (ISO 27001, NIST CSF, CIS 20, SWIFT, etc.);
You possess certifications such as CISSP, ISO27001 Lead Implementer / Lead Auditor, ISO27005 Risk Manager, CISM, etc;
You understand the technical issues specific to information systems (networks, systems, etc.);
Level required in French: fluent to native (written and oral) equivalent to C1 -C2;
English level required: good (written and oral) equivalent to minimum B1.

You have a good state of mind, you’re capable of working within a team and ready to take part in a great adventure. You are also dynamic, reactive, ambitious, creative, independent and you are not scared to share your mind. You have capacities to adapt and to take some initiatives.

You are a great passionate about Information Security, you are keen to learn and on the lookout for the latest news on security breaches and technological advances then apply

Compétences attendues
Compétences analytiques
Gouvernance
Management