Principal Consultant - Cyber Security Consulting & Advisory (m/f/d)

Job details

Work Location: Frankfurt, Munich, Stuttgart

State / Region / Province: Baden-Wurttemberg, Bayern, Hessen

Country: Germany

Domain: Consulting

Interest Group: Infosys Limited

Skills: Process|Consulting processes|Technology Consulting process, Technology|Infrastructure Security|Infrastructure Security - ALL

Company: ITL Germany

Requisition ID: 131781BR

Role - Principal Consultant (JL6)
Technology - Cyber Security Consulting & Advisory
Location - Stuttgart/Munich/Frankfurt Germany (DE)
Business Unit - Cyber Security, Cyber C&A
Compensation - Competitive (including bonus)

Today, the corporate landscape is dynamic and the world ahead is full of possibilities! None of the amazing things we do at Infosys would be possible without an equally amazing culture, the environment where ideas can flourish and where you are empowered to move forward as far as your ideas will take you.

At Infosys, we assure that your career will never stand still, we will inspire you to build what's next and we will navigate further together. Our journey of learnability, values and trusted relationships with our clients continue to be the cornerstones of our organization and these values are upheld only because of our people.

As a Principal Consultant in the Infosys Cyber Security Consulting & Advisory (C&A) Team, you are a principal expert at contributing to different phases of the Cyber Security consulting lifecycle. You will be intensely involved as a highly skilled Cybersecurity consultant with expertise in a number of Domains: Regulatory, GRC, Cloud&Infra, IDAM/PAM, Data, OT/IoT security and or combination of a number to join our team. The successful candidate will play a critical role in helping our clients to realize their Cyber security roadmaps and support in delivering elements of that roadmap through consulting delivery mechanisms being part of C&A environments, including operational and tactical security, alongside controls assessment, strategic leadership interactions at CxO level, and Data Acquisition systems, and IoT infrastructures to name but a few.

This role requires a deep understanding of cyber security and associated Domain areas: network security, EuD/Workspace security, Application security, while working with cross-functional teams to enhance the security posture of mission-critical security service lines.

You will lead and guide teams on project processes, deliverables and contribute to the proposal development, client training and internal capability-building and help detail the project scope. You will have the opportunity to shape value-adding consulting solutions that enable our clients to meet the changing needs of the global landscape.

• 10 years+ of industry experience working in enterprise cyber security domain
• Security Strategy & Program Management: Assess security risks, develop security roadmaps, and align security measures with enterprise IT security frameworks.
• Deploy and Configure Security Solutions: Implement, optimize, and manage cybersecurity platforms such as MS, Google and or AWS services, alongside controls assessment and understanding of NIST, ISO27K, TOGAF, SABSA frameworks and initiatives.
• Threat Monitoring & Incident Response: Identify, analyze, and respond to security events and incidents in networks, collaborating with IT and operational teams to mitigate threats.
• Security Assessments & Compliance: Conduct security assessments, evaluate risk, and ensure compliance with IEC 62443, NIST SP 800-82, NERC CIP, ISO 27001, and NIS2 frameworks.
• Vulnerability & Risk Management: Perform vulnerability analysis and penetration testing, and implement risk mitigation strategies tailored for ICS/SCADA environments.
• IT Integration: Work closely with IT, engineering, and operational teams to integrate security solutions seamlessly with existing enterprise security architecture.
• Vendor & Third-Party Security Management: Assess and oversee third-party vendors providing security solutions, ensuring their compliance with security policies and industry best practices.
• Training & Awareness: Develop and conduct cybersecurity training and awareness programs for internal teams, partners, and executives.
• Emerging Threats & Technologies: Stay informed about new cybersecurity threats, vulnerabilities, and emerging technologies in industrial cybersecurity, IoT security, and critical infrastructure protection.
• A high degree of awareness in one or more of the cyber industry trends and technologies e.g., Zero Trust Architecture, Responsible AI, Security Automation, Cyber Vendor consolidation, DevSecOps, SDLC, Security by Design/ Privacy By Design, IDAM, Cyber Architecture etc.
• Exposure to solutions such as Sailpoint, CyberArk, Ping, Omada, Crowdstrike, Microsoft, Fortinet, XSIAM Palo Alto, ZScaler technologies etc.

• A broad outlook through exposure to an ecosystem of diverse cultures, stakeholders as well as emerging tools, technologies, regulations, standards etc.
• Experience with similar roles in consulting teams or organizations
• Relevant industry certifications like:
• Education: Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• ICS/SCADA Knowledge: Strong understanding of Enterprise level cyber security and strategies through controls assessment and compliance.
• Security Platforms Expertise: Experience with OT security solutions including Claroty, Dragos, Nozomi Networks, and Armis.
• Network Security: Hands-on experience with firewalls, IDS/IPS, VPNs, authentication systems, PKI, log management, and content filtering.
• Cybersecurity Frameworks: Familiarity with NIST, IEC 62443, ISO 27001, NERC CIP, GSMA IoT Security Guidelines, and other industry security standards.
• Incident Response & Risk Management: Experience in security monitoring, incident response, and risk mitigation for OT environments.
• Technical Skills: Strong troubleshooting, analytical, and problem-solving abilities.
• Communication & Collaboration: Ability to work independently and within cross-functional teams, with excellent communication and interpersonal skills. Must have ability to converse verbally and in written English/German.
• Project Management: Knowledge of project planning, resource management, financial budgeting, and risk assessment for OT security projects.

• ISO27001:2022 Lead Auditor
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• GIAC Certified Incident Handler (GCIH)
• GIAC Cyber Incident Leader (GCIL)

Besides the professional qualifications of the candidates we place great importance in addition to various forms of personality profile. These include:

• High analytical skills
• A high degree of initiative and flexibility
• High customer orientation
• Strong exposure in stakeholder management at Senior levels
• High quality awareness
• Excellent verbal and written communication skills (bonus if candidate can speak German and another European language)

Infosys is a global leader in next-generation digital services and consulting. We enable clients in 54 countries to navigate their digital transformation. With over three decades of experience in managing the systems and workings of global enterprises, we expertly steer our clients through the many next of their digital journey. We do it by enabling the enterprise with an AI-powered core that helps prioritize the execution of change. We also empower the business with agile digital at scale to deliver unprecedented levels of performance and customer delight. Our always-on learning agenda drives their continuous improvement through building and transferring digital skills, expertise and ideas from our innovation ecosystem.

Visit www.infosys.com to see how Infosys can help your enterprise navigate your next.

All aspects of employment at Infosys are based on merit, competence and performance. We are committed to embracing diversity and creating an inclusive environment for all employees. Infosys is proud to be an equal opportunity employer.