SECFORCE
SECFORCE

Security Consultant - Risk Management / GRC Specialist (UK, Greece, Malta, Spain, Italy, Poland)

Athens, Greece (hybrid)
Employee
Business Consulting

Join the Rebellion: Security Consultant Needed to Develop the Strategy Against the Evil Empire!

Are you passionate about fighting cybercriminals, securing organisations and putting your skills to good use for a cyber-crime free world? So are we!

Do you thrive in dynamic situations where quick, strategic thinking can make all the difference? If so, we want you on our team!

SECFORCE Consulting is an emerging team, offering tailored consulting services that help organizations navigate complex requirements, optimise their security strategies and improve their overall security capabilities.

SECFORCE is looking for a security consultant with solid experience in risk management, to join our awesome team in the United Kingdom (London), Greece (Athens), Malta, Spain, Italy or Poland.

Who are we?

We are a young team, and we promote a fun working environment. We are passionate about guiding organizations achieve their security objectives and help them strengthen and mature their security posture. We also work hard, and we believe that, in combination with our testing team, we are one of the best security consultancy companies in the world.

Tasks

We are looking for a consultant, with solid technical experience, passionate about security who wants to grow their skills and become a trusted advisor to a wide range of different companies.

Requirements

Required Skills:

  • Strong technical mindset, with understanding of offensive security (how adversaries attack organisations)
  • Comprehensive understanding of risk management frameworks and standards (e.g., NIST CSF/RMF, ISO 27001, 27005, 31000, FAIR, COSO) and relevant regulatory requirements (e.g., DORA, GDPR, NIS2), with proven ability to apply them in sectors such as financial services, technology, and critical infrastructure.
  • Proven ability to work collaboratively with a wide range of stakeholders, including executives (C-suite), senior management, and cross-functional teams to drive risk management initiatives and ensure organizational alignment.
  • Ability to assess, design, and implement risk management strategies, frameworks, policies and procedures that align with organizational objectives and regulatory mandates.
  • Proven experience in setting up risk management programs identifying, assessing, mitigating, and reporting on ICT-related risks, with a focus on compliance with sector-specific regulations in financial services or critical infrastructure.
  • Strong communication skills, with the ability to convey complex risk-related concepts to both technical and non-technical audiences.
  • Proactive approach to staying updated with evolving regulations and industry best practices, with a strong commitment to continuous professional development.

Primary focus:

  • Performing security and risk assessments and reviews to ensure compliance with regulatory requirements and industry standards.
  • Developing risk management strategies, policies, and procedures tailored to clients’ specific needs.
  • Monitoring and reporting on the status of information security controls and risk mitigation activities.

Other requirements:

  • Applicants must have the legal right to work in the EU or UK.

Nice to have:

  • 5+ years of proven experience in risk management, ICT risk management, or regulatory compliance, preferably within the financial services or technology sectors.
  • Relevant certifications such as CRISC (Certified in Risk and Information Systems Control), FAIR (Factor Analysis of Information Risk), CISSP (Certified Information Systems Security Professional), CISA (Certified Information Systems Auditor), ISO 27001 Lead Implementer or Lead Auditor, or CISM (Certified Information Security Manager) are desirable but not a requirement.
  • Experience in developing, implementing, and testing Business Continuity Plans (BCP) and/or Incident Response strategies to ensure resilience against ICT disruptions.
  • Experience in assessing and managing third-party risks in alignment with regulatory requirements, ensuring third-party compliance with operational resilience standards.
  • Proven experience in developing and implementing ISMS and cybersecurity frameworks.
  • Understanding of DORA regulatory requirements

Benefits

What we offer:

  • A key role in delivering security advisory services to some of the biggest names in the industry
  • A work environment with an emphasis on knowledge sharing
  • Hybrid to full-remote working policy
  • Relaxed working environment (no dress code, objective based approach, etc.)
  • Annual training budget
  • Frequent team events and trips

Great! What's next?

If you are passionate about security consulting, please get in touch!

One piece of advice: Please don't send us the typical - boring - cover letter. We are not that kind of company. We are dynamic and fun. Send us just a paragraph describing why you are passionate and motivated about security consulting, what type of projects you have been involved in, what excites you and what your aspirations are.

Updated: 29 minutes ago
Job ID: 13131479
Report issue

SECFORCE

11-50 employees
Information Services

SECFORCE is an independent offensive cyber security consultancy specialised in Penetration Testing and Adversary Simulation.

Founded in 2008 out of love and passion for the hacki…

Read more
  1. Security Consultant - Risk Management / GRC Specialist (UK, Greece, Malta, Spain, Italy, Poland)