Principal Consultant - Information Security

A specialised consultancy is expanding its team of Information Security experts. This role is focused on delivering practical, regulatory-driven security and risk projects — not high-level strategy slides. You’ll work directly with clients across financial services, critical infrastructure and other regulated industries to help them manage IT risks and meet compliance expectations.

Key Responsibilities:

• Lead or support client projects in information security, IT risk and compliance – covering planning, execution and reporting
• Conduct gap analyses and support the implementation of requirements under DORA, NIS2, KRITIS, ISO 27001 or BSI Grundschutz
• Evaluate business and IT processes from a risk, efficiency and compliance perspective
• Coordinate cyber risk reduction programmes and security governance frameworks
• Help clients integrate security into existing processes and IT landscapes, including areas like IAM, SIEM or third-party risk
• Translate regulatory and technical requirements into structured, actionable plans
• Build long-term relationships with clients and contribute to developing internal methods and service offerings

• Several years of experience in information security, IT compliance or cyber risk – ideally within consulting or project-based environments
• Degree in IT, engineering, business IT or a related field
• Strong understanding of common frameworks and standards (e.g. ISO 27001, BSI 200-x, DORA, NIS2)
• Practical experience in analysing complex systems and explaining risks and controls clearly
• Ability to work independently and take ownership of deliverables
• Very good communication skills in both German and English
• Certifications such as CISSP, CISM, CISA or ISO 27001 Lead Implementer are a plus, but not a must