Infosys Consulting is seeking a Governance, Risk, and Compliance (GRC) SME for the DACH region. In this role, you will help companies strengthen their cybersecurity posture, manage cyber risks, and meet regulatory requirements by applying your expertise in frameworks, risk management, and security governance. You will work closely with client teams to guide policy development, conduct analyses, and ensure compliance.
What You'll Do
- Work on global projects within an international team, supported by over 330,000 technical experts.
- Contribute to the development of consulting offerings and go-to-market solutions to make cyber risks understandable and reduce them.
- Lead and conduct risk analyses according to the NIST CSF.
- Take responsibility for conceptualizing innovative new services using AI and ML where they provide real added value.
- Support presales, sales, and account management activities as a Subject Matter Expert.
What We're Looking For
- A relevant university degree (Bachelor's or Master's) in Information Security, Cybersecurity, or IT Security.
- At least 1–5+ years of professional experience in Cyber Security / Information Security.
- Broad business competence, including stakeholder management, problem-solving skills, and resilience.
- Experience in collecting, validating, analyzing, documenting, and communicating information appropriately for the target audience.
- Excellent communication skills in German (C2) and English (C2) as well as willingness to travel for projects.
Nice to Have
- Good knowledge of the NIST Cybersecurity Framework (CSF).
- Advanced university degree in Cyber or Information Security.
- Knowledge of ISO 27001, NIS2, SOX, GDPR, DORA.
- Experience in Cyber Due Diligence Assessments, Cyber Risk Management for third parties and supply chains, and reviewing Incident Response Plans.
- Experience supporting tenders, RFP responses, and proposals, and conducting crisis management exercises (CMX).
- Certifications such as CISSP, CISM, CISA, GSLC, GSTRT, GCPM.
- Participation in the development of Target Operating Models (TOMs) and RACI matrices.
- Experience creating Cyber Security Roadmaps, supporting Post-Incident Reviews, and analyzing Cyber Threat Intelligence Reports.
- Experience implementing Cyber Compliance Programs (GDPR, DORA, ISO 27001, NIS2, SOX).
- Experience with Cyber Risk or Maturity Assessments, designing and/or conducting awareness training.
- Experience working on Identity & Access Management and Privileged Access Management projects.
- Enjoy working with clients from different industries and balancing technical and commercial requirements.
- Ability to build robust business relationships at all levels and provide professional support to less experienced colleagues.
- Ability to explain complex cyber methods understandably and non-technically (in writing and orally).
Team & Environment
You will be part of a large, entrepreneurial environment with over 300,000 employees. Specifically, you will join the Tech Transformation Practice, which supports CIOs with a team of business analysts, enterprise architects, and cyber security specialists.
Benefits & Compensation
- Above-average compensation.
- Attractive additional benefits.
- Excellent training and development opportunities.
Work Mode
This is a hybrid role with locations in Frankfurt, Munich, Hamburg, Cologne, Düsseldorf, Berlin, and Stuttgart.
Infosys Consulting fosters an inclusive and entrepreneurial culture, guided by the values IC-LIFE – Inclusion, Equity & Diversity, Client, Leadership, Integrity, Fairness and Excellence. The firm is recognized by Financial Times and Forbes as a leading consulting firm, particularly for customer innovation, cultural diversity, and excellent training and career paths. It was awarded Top Employer in Germany 2023 and certified by the Top Employers Institute for outstanding working conditions in Europe for five years in a row.
