Senior Consultant Information Security Management Systems (ISMS)

Interval WorkFromHome

Job description:

This is a remote position.

Job Title

Senior Consultant Information Security Management Systems (ISMS)

Location: Remote (occasional travel to the client office in Germany required)

Start Date: 15 / 09 / 2025

Contract Type: Freelance / Contract Full-Time

Overview

We are seeking a Senior Consultant with deep expertise in compliance risk and information security management to support the planning, implementation and operationalisation of an Information Security Management System (ISMS) within a large-scale multinational programme. The role involves working closely with a dedicated compliance risk and security (CRS) enablement team that ensures alignment between regulatory requirements, IT security standards and the platform's product architecture.

About the Role

The CRS Enablement team acts as the second line of defence for security governance, defining ISMS processes and policies, maintaining the Compliance Requirements Catalogue (CRS Rulebook) and ensuring automation of security posture management. This role will lead ISMS planning, implementation, audit preparation, certification readiness and continuous improvement activities, engaging with stakeholders at both programme and group levels.

Responsibilities

  • ISMS Planning

    Define and document the ISMS scope; Coordinate with stakeholders to create and maintain ISMS policies aligned with architectural and process changes; Integrate ISMS into the programme's target operating model; Plan the ISMS using an MVP-first approach with a prioritised roadmap; Develop detailed plans for policies, processes, procedures, awareness activities and technology adoption; Align the ISMS vision with the broader group context to enable economic consolidation and best practice integration; Improve information security governance and target operating models

  • ISMS Implementation & GRC Integration

    Execute ISMS and related GRC structures according to the defined plan; Coordinate with relevant stakeholders to align requirements across the group; Incrementally expand ISMS capabilities beyond the MVP; Maintain clear stakeholder communication throughout the process; Prioritise initiatives with immediate operational impact over academic exercises

  • Audit Preparation

    Prepare product lines and programme functions for real audit situations via dry runs and readiness assessments; Enhance evidence provision processes for audit compliance; Challenge existing processes to improve audit readiness

  • Certification Readiness

    Identify and prioritise relevant certifications (e.g. ISO 27001); Develop a certification roadmap with detailed time and resource planning; Oversee workstreams to achieve certification maturity

  • Measurement & Continuous Improvement

    Establish methods to measure ISMS effectiveness and efficiency; Drive continuous improvement initiatives with the CRS team and group-wide stakeholders

Requirements

Eligibility

  • Residency in the EU or UK

Must-Have Experience

  • 5 years in information security strategy, GRC and ISMS
  • Proven experience in designing, implementing, integrating and operating ISMS
  • Strong understanding of KRITIS-related ISMS development (preferably in the energy sector)
  • Experience in implementing and auditing ISMS and GRC processes, policies and procedures
  • Knowledge of applicable regulations and regulatory bodies (e.g. BNetzA, BSI, NIS-2, CRA)
  • Expertise in information security risk management methods
  • Strong project management skills
  • Experience developing security metrics and measurement methods (KPI, KRI, CSI)
  • Understanding of GRC technology with an automation-first mindset
  • Familiarity with cloud-native and hybrid environments
  • Knowledge of OT environments and relevant security frameworks (e.g. CSA CCM, OSCAL, CIS)
  • Experience in product-driven organisations

Must-Have Language Skills

  • Fluent English (C1 level or above)

Preferred Experience

  • Professional German language skills (IT context)
  • Relevant certifications (e.g. CISM, CISA, ISO 27001 Lead Implementer / Lead Auditor)
  • Experience in business continuity management (BCMS) and disaster recovery
  • Experience as an ISO 27001 auditor
  • Knowledge of EU-based TSO standards (e.g. IEC 61850)
  • Understanding of energy sector regulations (e.g. EnWG, BSI-KRITIS)

Benefits

As a freelancer / contractor with us you will enjoy flexible working hours and the freedom to choose your own projects. Our platform gives you access to exciting projects in various industries and supports you in advancing your career. You'll benefit from competitive pay and a dedicated team to help you with any questions you may have. Work independently and utilise our strong network to achieve your professional goals.

Key Skills

Economics, Assessment, Compensation, Information Technology Sales, IT Service Desk

Employment Type: Full Time

Experience: years

Vacancy: 1


Job information

  • Type:

    Full-time
  • Work model:

    On-site
  • Category:

    Development & IT
  • Experience:

    2+ years
  • Employment relationship:

    Employed
  • Publication date:

    22 Oct 2025
  • Location:

    WorkFromHome
