Are you passionate about cyber security? Do you enjoy helping organizations enhance their cyber resilience? Can you conduct risk assessments and facilitate collaboration between business and IT on cyber security matters? Are you an expert in privacy regulations and other legal requirements related to information security?

If so, WithSecure Consulting might have the perfect job for you!

We are looking for a Security Advisory Consultant to join our Consulting Team in the exciting journey of improving our clients' information security posture and cyber resilience. In this role, you'll perform risk assessments, conduct PCI DSS evaluations, and build tailored security programs. You'll define risk mitigation strategies, establish governance frameworks, and advise on security objectives, strategy, and budget. Building strong, long-term client relationships across various departments is key. While a technical background is an advantage, it is not a requirement.

What we're expecting from you:

• 3+ years of professional experience in at least one of the following areas:
  • Privacy: Ensuring compliance with privacy laws and regulations, and implementing privacy-by-design principles in systems and processes.
  • ISO/IEC 27001: Implementing and maintaining an ISMS based on the ISO/IEC 27001 standard, including conducting internal audits and achieving certification.
  • Security Improvement Programs: Designing and executing programs aimed at enhancing an organization's overall security posture, including the development of security policies, procedures, and controls.
  • Information Security Frameworks: In-depth knowledge of various information security frameworks such as CIS, NIST, PCI DSS, and national frameworks.
  • Legal Requirements for Information Security: Familiarity with legal and regulatory requirements related to information security, such as NIS, GDPR, and other national legislation.
  • Risk Assessment and Threat Modelling: Conducting risk assessments to identify and evaluate potential threats and vulnerabilities, and developing threat models to understand and mitigate risks.
  • Cyber Maturity Assessment and IT Audit: Assessing an organization's cybersecurity maturity level and conducting IT audits to evaluate the effectiveness of security controls and identify areas for improvement.
  • Governance, Risk, and Compliance: Establishing and maintaining GRC programs to ensure that security practices align with business objectives and regulatory requirements.
• Proficiency in Finnish and English
• Being an awesome colleague!

Bonus points for:

• Recognized certifications in risk, security, and privacy management, IT management, and project management, such as CISSP, CISM, ISO27001, and CISA
• Experience with agile process models and various software development lifecycles
• Technical architecture skills, including cloud architecture
• Ability to collaborate effectively with roles in software development, such as technical architects, software developers, and product managers, on their terms

Why you'll love us:

• Continuous learning: We invest in your education and support your development through relevant training, conferences, and certifications. You'll also have opportunities to learn on the job and from your colleagues. We arrange monthly knowledge-sharing sessions for the whole team to ensure you benefit from our in-house expertise (and can spread your wisdom, too).
• Research time: If you're passionate about security research, you'll have dedicated time to pursue it and collaborate with brilliant minds. We'll support you in writing blog posts and presenting at conferences. Our team has presented at notable events like Defcon and Disobey, among others.
• Top-notch team: We are a team of true cyber security experts. Join us to work with and learn from the best in the industry. Iron sharpens iron, after all.

Ready to join the cyber security elite? Apply now and let's make the digital world a safer place!