Security and Risk Management Consultant

• Application Deadline: Oct. 20, 2024
• Copenhagen
• Hybrid

Job Description
WithSecure™ protects businesses all over the world from modern threats. We do this through a Co-security approach born from first-hand knowledge that no one can solve every cyber security problem alone. Every single day, our diverse, growing team fights against online extortion, threats to national infrastructure, the unlawful spread of sensitive information, and everything in-between. The best part about working for WithSecure is our people! We are a community of dedicated and passionate professionals that take workplace happiness seriously. If you’re looking for something that’s more than just a job – we’d love to hear from you.

Are you passionate about cyber security? Do you enjoy supporting organizations to develop their cyber resilience? Do you know how to conduct risk assessments and how to bring business and IT together to collaborate on cyber security – or do you understand how OT security posture affects the business? Then you should come work with us at WithSecure!

We are looking for a Security and Risk Management Consultant to join our Consulting Team in the exciting adventure of improving the information security posture and cyber resilience of our clients.

Working as a Security and Risk Management Consultant is characterized by trust. We strive for long term client-relationships and to be THE trusted information security advisor for our clients. Our vision is to provide the most qualified cyber advisory to our clients, adapted to suit their specific preconditions, so that the client improves their effective security posture, and their risks are mitigated. We help our clients by prioritizing where to focus their budgets to optimize their return on cyber security investments in their quest for cyber resilience.

Located in our office in Copenhagen, you will take an active part in our company’s goal to deliver research-driven cyber security to protect organizations, society, and individuals from real-world threats. Our team is a diverse and talented mix of technical and creative experts, dedicated to pushing the boundaries of the industry with innovative thinking. We pride ourselves on fostering an environment rich in fun, collaboration, and continuous learning. Here, you will lead your own development and play a key role in shaping a workplace that you will proudly call home.

Key Responsibilities

• performing cyber security gap assessments for clients across a variety of domains, including finance, operational technology (OT), critical infrastructure, and cloud service providers.
• performing PCI DSS assessments and building PCI DSS programs for clients
• defining cyber risk mitigation strategies
• establishing information security governance frameworks
• advising on security objectives and risk appetite, security strategy and budget
• developing and maintaining good, long-term relationships with the client and their stakeholders, including business, IT, product management and software development organizations
• being an upstanding colleague! Supporting other team members (maybe even by mentoring) and enabling us to succeed collectively.

What are we looking for?

• Ideally you have 3-5 years of professional experience within information security with a suitable educational background
• your current role is probably an information security consultant, CISO, security manager, security architect, information security auditor, or similar
• you have a track record of successful security and/or risk management experience
• you are proficient in English
• you are experienced in some of the following fields:
• security improvement programs
• information security frameworks, such as CIS18, NIST CSF, ISO 27001, PCI DSS, ISA/IEC 62443 and others, including national frameworks
• legal requirements for information security, such as NIS, GDPR, and national legislation
• threat modelling
• cyber maturity assessment and IT audit
• governance, risk and compliance
• privacy assessments

Bonus points

• Recognized certifications within risk, security and privacy management, especially PCI QSA, but also CISSP, CISM, ISO27001 Lead Implementor, CISA, or CRISC.
• Previous consulting experience and strong network in industry.
• Experience with agile process models and different flavors of software development lifecycles are a plus
• technical architecture skills (including cloud architecture) are a plus
• software development/SDLC competence and experience from assisting organizations in their journey to shift left as well as practical security engineering experience.
• Understanding and speaking Danish

What will you get from us

• 1 to 1 coaching and mentorship sessions led by seasoned and well-respected industry-leading professionals
• The opportunity to be involved in service development to shape the services we deliver to our clients to be aligned with future market needs
• Access to our state-of-the-art bespoke training platform
• Classroom-based learning sessions and the opportunity to attend external training courses and security conferences
• Opportunities to push the industry forward through research using our blogs, talks, white papers and by participating at industry events

As part of the WithSecure Consulting team you will be working with some of the best security people in the world with a wide variety of passions and skills. We've been working years to acquire and retain highly skilled individuals – many of those who have left the team, have later returned after a brief stint elsewhere. If you like helping companies to improve their information security posture and cyber resilience, and challenge conventional wisdom, WithSecure Consulting has got your back.

Work with great people
William Jardine Managing Consultant "The freedom is a big thing for me. The trust you are doing something worthwhile." Fairuz Zainor Researcher "I joined WithSecure (previously F-Secure) straight after graduating and now, 10 years later, I am still happy to be here." Kinga Baran Program Manager "WithSecure gives me a feeling of appreciation for what I do as well as ongoing challenges to grow personally. This sounds like a slogan but it really happens here!" Great Place to Work

• Over 900 amazing colleagues in 18 offices
• Possibility to protect the world
• Work with best of class experts who care
• Relaxed, open and fun working environment
• 70+ nationalities
• Global with the spirit of a small company

About the company
Purpose – Why we exist
We are here to build and sustain trust in a digital society
We are here to build and sustain trust in a digital society — trust that is threatened by uncertainty, fear and worry caused by cyber attacks and crime.

Vision – Where we are heading
No one should experience a serious loss because of a cyber attack
We envision a future where no one should experience a serious loss or be put out of business because of cyber attack or crime. At least no one who puts their trust in us.

Mission – What we do
Accelerate transition to outcome-based security
Our mission is to research, innovate and build technologies, human expertise and delivery-business models that will accelerate our customers’ and partners’ transition to outcome-based security.

Diversity & Inclusion:
WithSecure is an equal opportunity employer and believe that employing a diverse workforce is central to our success. We are committed to ensuring all qualified applicants will receive consideration for employment without regard to nationality, colour, race, ethnic or national origin, sex, gender (including gender reassignment), sexual orientation, religion or belief, age, marital status or physical or mental disability.
We will do everything we can to support you during your application. If you need us to make any adjustments to our recruitment process, speak to our recruitment team who will be happy to support you!

Anders Ellekilde-Pedersen | Contact Person

Send e-mail I'm interested WithSecure
Copenhagen | Hybrid
Visit website