Are you passionate about cyber security? Do you enjoy supporting organizations to develop their cyber resilience? Do you know how to conduct risk assessments and how to bring business and IT together to collaborate on cyber security? We at WithSecure would want to work with you!

We are looking for a Security and Risk Management Consultant to join our Consulting Team in the exciting adventure of improving the information security posture and cyber resilience of our clients.

Key Responsibilities

• performing risk assessments
• performing PCI DSS assessments and building PCI DSS programs for clients
• defining risk mitigation strategies
• establishing information security governance frameworks
• advising on security objectives and risk appetite, security strategy and budget
• developing and maintaining good, long-term relationships with the client and their various stakeholders, including business, IT, product management and software development organisations
• being an upstanding colleague!

Who are we looking for?

• you have 3+ years of professional experience within information security with a suitable educational background
• your current role is probably an information security consultant, CISO, security manager, security architect, information security auditor, or similar
• you have a track record of successful security and/or risk management experience
• you are proficient in Finnish and English
• you are experienced in some of the following fields:
  • ISO/IEC 27001
  • security improvement programs
  • information security frameworks, such as CIS, NIST, PCI DSS and others, including national frameworks
  • legal requirements for information security, such as NIS, GDPR, and national legislation
  • risk assessment and threat modelling
  • cyber maturity assessment and IT audit
  • governance, risk and compliance
  • privacy

Bonus points

• recognized certifications within risk, security and privacy management, IT management and project management are a plus, but not a requirement. For example CISSP, CISM, ISO27001, CISA and OSCP
• experience of agile process models and different flavours of software development lifecycles are a plus
• technical architecture skills (including cloud architecture) are a plus
• skills to work with roles within software development, such as technical architects, software developers and product management, on their terms

What will you get from us?

• 1 to 1 coaching and tutorship sessions led by seasoned and well-respected industry-leading professionals
• access to our state-of-the-art bespoke training platform
• classroom-based learning sessions and the opportunity to attend external training courses and security conferences
• opportunities to push the industry forward through research using our blogs, talks, white papers and by participating at industry events

As part of the WithSecure Consulting team you will be working with some of the best security people in the world with a wide variety of passions and skills. We've been working years to acquire and retain highly skilled individuals – many of those who have left the team, have later returned after a brief stint elsewhere. If you like helping companies to improve their information security posture and cyber resilience, and challenge conventional wisdom, WithSecure Consulting has got your back.