Senior Consultant

Провідний фахівець з інформаційної безпеки

Job title: Senior Consultant

Category: Information Security / Governance, Risk, and Compliance

Location: Kyiv Ukraine, Obolonska Naberezhna str. 1

Type of vacancy: Full-Time Employee (Remote work is possible)

Salary: UAH + bonus

About us: We strive for perfection with no limits, continually improving our services to deliver work that is better than the day before and exceeds our client’s expectations. We believe that there is always room for growth and development, and we are committed to investing in our team members’ ongoing education and training. In addition to professional development, we encourage our team members to engage in continuous learning outside of their immediate areas of expertise. By fostering a culture of intellectual curiosity and open-mindedness, we create a dynamic and innovative work environment that allows us to deliver creative and effective solutions to our clients’ cybersecurity challenges. We continuously improve and elevate the level of service we provide to our clients, ensuring that we remain a trusted and reliable partner in their cybersecurity journey. We provide our clients with the highest level of cybersecurity expertise, staying ahead of emerging threats and helping them protect their valuable assets and confidently achieve their business goals.

Website – https://audit3a.com/

Job Description: Our company seeks an experienced GRC (Governance, Risk, and Compliance) Senior Consultant to join our team. The ideal candidate will deeply understand GRC frameworks, including ISO 27001, NIST, PCI DSS, EU GDPR, and other relevant regulations. As a GRC Senior Consultant, you will be responsible for working with our clients to develop and implement effective cybersecurity strategies and solutions that align with their business objectives and compliance requirements, including:

• Conduct risk assessments, gap analyses, and compliance assessments for clients across various industries.
• Develop and implement cybersecurity strategies, policies, and procedures that align with client business objectives and compliance requirements.
• Collaborate with clients to design and implement effective controls and remediation plans.
• Provide guidance and recommendations on implementing international standards and frameworks, including ISO 27001, NIST, PCI DCC, GDPR, etc.
• Stay up-to-date on industry trends, emerging threats, and new regulations to ensure clients remain compliant and secure.
• Deliver cybersecurity training and awareness programs to client’s stakeholders, including executives and employees.

Qualifications:

• Strong commitment to professional excellence, taking personal responsibility to raise the bar and deliver impactful results.
• Excellent communication and interpersonal skills, able to effectively engage with stakeholders at all levels.
• Deep understanding of cybersecurity frameworks, such as ISO 27001, NIST, PCI DSS, and EU GDPR, with experience applying this knowledge to inform recommendations and deliverables.
• Ability to plan and execute risk assessments, leveraging cybersecurity frameworks and tools and applying qualitative and quantitative techniques to improve the reliability and validity of assessments.
• Proficient in designing and implementing risk governance structures and processes, devising targeted mitigation plans, and supporting frameworks and tools.
• Strong analytical and problem-solving skills, critically analyzing risk assessment results and thinking independently to generate recommendations and solutions.
• Experience leading analysis of the client’s threat landscape, control environment, and cyber capabilities to identify gaps and develop prioritized recommendations to enhance the effectiveness of the client’s cyber risk management capabilities
• Bachelor’s degree in Computer Science, Information Security, or related field, with 3+ years of experience in GRC consulting, including risk management, compliance assessments, and policy development. Professional certifications, such as ISACA (CISA/CISM, ISC2 (CISSP), PECB (ISO 27001 LA/LI) or equivalent, are preferred.

If you’re looking for a challenging opportunity with a dynamic and growing organization, we encourage you to submit your application for consideration. We offer competitive compensation packages, career growth and development opportunities, and a collaborative work environment.