To secure our client's critical projects by identifying, analyzing, and mitigating IT and cyber risks from the design phase. The mission is to bridge the gap between complex technical architectures and GRC requirements, ensuring all high-impact initiatives are resilient and compliant.
01 Quantitative Data
Scope: 100% of projects classified as "Critical" or "High Impact" within the company's portfolio.
Work Rhythm: Part-time position (3 days per week).
On-site Presence: Minimum of 2 days per week on-site to facilitate technical deep-dives and face-to-face stakeholder alignment.
Risk Reduction: Direct impact on the company's cyber exposure, measured through proactive tracking of finding remediation.
02 Key Responsibilities
Technical Risk Decomposition: Deconstruct complex project architectures and data flows to identify the underlying security vulnerabilities. This involves applying the OWASP Risk Rating Methodology to application-level threats and ISO 27005 to systemic IT risks.
Cross-Functional Collaboration: Partner with Architects and DevOps teams to integrate security controls without stalling delivery velocity.
Compliance Oversight: Ensure strict adherence to internal security policies and mandatory regulations, including GDPR and NIS2, throughout the project lifecycle.
Architecture Deep-Dives: Analyze software design (APIs, microservices) to detect flaws such as those listed in the OWASP Top 10, ensuring security is baked into the design rather than added after delivery.
Third-Party Security: Conduct security reviews of external contracts and technical assessments of critical service providers.
On-site Stakeholder Engagement: Lead in-person workshops with Architects and Product Owners to translate regulatory requirements into technical controls.
Reporting: Translate technical risks into clear, actionable business insights for management and steering committees.
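The OWASP Risk Rating Methodology named under Technical Risk Decomposition reduces to a small calculation: each of eight likelihood factors and eight impact factors is scored 0 to 9, the likelihood and impact averages are bucketed into LOW, MEDIUM and HIGH, and the two buckets are combined in a severity matrix. The following is an added worked example, not material from the job posting or the client; the finding it rates (an API that returns another customer's record when the caller changes the id in the URL) and all its scores are constructed for illustration.

```python
"""Worked OWASP Risk Rating calculation (added example, constructed scores).

Per the OWASP Risk Rating Methodology: every factor is scored 0-9, likelihood
is the average of the eight likelihood factors, impact is the average of the
four business (or four technical) impact factors, each average is bucketed
LOW (<3) / MEDIUM (3 to <6) / HIGH (6 to 9), and the two buckets are looked up
in the overall-severity matrix.
"""

LIKELIHOOD_FACTORS = (
    # threat-agent factors
    "skill_level", "motive", "opportunity", "size",
    # vulnerability factors
    "ease_of_discovery", "ease_of_exploit", "awareness", "intrusion_detection",
)
TECHNICAL_IMPACT_FACTORS = (
    "loss_of_confidentiality", "loss_of_integrity",
    "loss_of_availability", "loss_of_accountability",
)
BUSINESS_IMPACT_FACTORS = (
    "financial_damage", "reputation_damage", "non_compliance", "privacy_violation",
)

# Overall severity matrix, keyed by (likelihood level, impact level).
SEVERITY = {
    ("LOW", "LOW"): "NOTE",      ("LOW", "MEDIUM"): "LOW",       ("LOW", "HIGH"): "MEDIUM",
    ("MEDIUM", "LOW"): "LOW",    ("MEDIUM", "MEDIUM"): "MEDIUM", ("MEDIUM", "HIGH"): "HIGH",
    ("HIGH", "LOW"): "MEDIUM",   ("HIGH", "MEDIUM"): "HIGH",     ("HIGH", "HIGH"): "CRITICAL",
}


def level(score: float) -> str:
    """Bucket a 0-9 average into the three OWASP levels."""
    if score < 3:
        return "LOW"
    if score < 6:
        return "MEDIUM"
    return "HIGH"


def average(scores: dict, factors: tuple) -> float:
    """Average the named factors, refusing missing factors or out-of-range scores."""
    missing = [f for f in factors if f not in scores]
    if missing:
        raise ValueError(f"missing factors: {missing}")
    for f in factors:
        if not 0 <= scores[f] <= 9:
            raise ValueError(f"{f}={scores[f]} is outside 0-9")
    return sum(scores[f] for f in factors) / len(factors)


def rate(likelihood_scores: dict, impact_scores: dict, business_impact: bool = True) -> dict:
    """Return likelihood, impact and overall severity for one finding.

    OWASP recommends the business impact factors when the business has scored
    them; the technical factors are the fallback when only engineering has.
    """
    impact_factors = BUSINESS_IMPACT_FACTORS if business_impact else TECHNICAL_IMPACT_FACTORS
    likelihood = average(likelihood_scores, LIKELIHOOD_FACTORS)
    impact = average(impact_scores, impact_factors)
    l_level, i_level = level(likelihood), level(impact)
    return {
        "likelihood": likelihood, "likelihood_level": l_level,
        "impact": impact, "impact_level": i_level,
        "severity": SEVERITY[(l_level, i_level)],
    }


# Constructed sample finding (hypothetical): an internal REST API returns another
# customer's record when the caller changes the numeric id in the URL.
SAMPLE_LIKELIHOOD = {
    "skill_level": 5, "motive": 4, "opportunity": 7, "size": 4,
    "ease_of_discovery": 7, "ease_of_exploit": 3, "awareness": 6, "intrusion_detection": 6,
}
SAMPLE_BUSINESS_IMPACT = {
    "financial_damage": 5, "reputation_damage": 5, "non_compliance": 7, "privacy_violation": 7,
}
SAMPLE_TECHNICAL_IMPACT = {
    "loss_of_confidentiality": 7, "loss_of_integrity": 5,
    "loss_of_availability": 3, "loss_of_accountability": 7,
}


def assess_sample(business_impact: bool = True) -> dict:
    """Rate the constructed sample with business or technical impact factors."""
    impact = SAMPLE_BUSINESS_IMPACT if business_impact else SAMPLE_TECHNICAL_IMPACT
    return rate(SAMPLE_LIKELIHOOD, impact, business_impact)


if __name__ == "__main__":
    for business in (True, False):
        print("business" if business else "technical", assess_sample(business))
```

With the constructed scores the likelihood averages 5.25 (MEDIUM) either way, but the business impact averages 6.0 (HIGH) while the technical impact averages 5.5 (MEDIUM), so the same finding rates HIGH with business factors and only MEDIUM with technical ones. That gap is exactly why the methodology asks for business-scored impact on critical projects, and why the report to a steering committee should state which factor set was used.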
03 Key Performance Indicators
Assessment Coverage: Percentage of critical projects analyzed before the production "Go-Live."
Remediation Rate: Percentage of high-risk findings successfully addressed or formally accepted by stakeholders.
Risk Prediction Reliability: Number of major security vulnerabilities discovered in production that were not identified during the GRC assessment phase (target: zero).
Turnaround Time: Average duration between project intake and the finalization of the security risk report.
04 Skills Required
Availability & Location: Ability to commit to a 3-day work week, with a mandatory presence on-site for at least 2 of those days.
Framework Mastery: Expert knowledge of cyber security frameworks (ISO 27001/27002/27005, NIST) and of the NIS2 directive.
Technical Risk Expertise: Proven ability to apply the OWASP Risk Rating Methodology and to perform technical architecture reviews in a cloud environment (GCP).
Analytical Mindset: A "hunter" mentality for risks, capable of digging into technical documentation to find hidden gaps.
Communication: Fluency in English, with the ability to simplify complex security issues for non-technical stakeholders.
Experience: 5+ years in Cyber Security, specifically in a GRC or Security Architecture role.