Principal Consultant - Information Security

A specialised consultancy is expanding its team of Information Security experts. This role is focused on delivering practical, regulatory driven security and risk projects, not high level strategy slides. You’ll work directly with clients across financial services, critical infrastructure and other regulated industries to help them manage IT risks and meet compliance expectations.

• Lead or support client projects in information security, IT risk and compliance – covering planning, execution and reporting
• Conduct gap analyses and support the implementation of requirements under DORA, NIS2, KRITIS, ISO 27001 or BSI Grundschutz
• Evaluate business and IT processes from a risk, efficiency and compliance perspective
• Coordinate cyber risk reduction programmes and security governance frameworks
• Help clients integrate security into existing processes and IT landscapes, including areas like IAM, SIEM or third-party risk
• Translate regulatory and technical requirements into structured, actionable plans
• Build long-term relationships with clients and contribute to developing internal methods and service offerings

• Several years of experience in information security, IT compliance or cyber risk – ideally within consulting or project-based environments
• Degree in IT, engineering, business IT or a related field
• Strong understanding of common frameworks and standards (e.g. ISO 27001, BSI 200-x, DORA, NIS2)
• Practical experience in analysing complex systems and explaining risks and controls clearly
• Ability to work independently and take ownership of deliverables
• Very good communication skills in both German and English
• Certifications such as CISSP, CISM, CISA or ISO 27001 Lead Implementer are a plus, but not a must