Senior Information Security Management System (ISMS) Consultant (m/w/d) - GRC / Kritis

Start date:

18.08.2025

Employment type:

Freelance

Region:

remote/Berlin/Frankfurt am Main


Description:

For our customer, we are looking for an Information Security Management System (ISMS) Consultant (m/w/d).

The contractor must be at a senior level in the compliance, risk and security management area, with proven experience in establishing information security management systems in large multinational organizations with KRITIS relevance, preferably in the energy sector.

Location: 80% remote, 20% onsite in Berlin / Frankfurt am Main

Full-time

Start: 18.08.2025

Tasks:

Planning an ISMS landscape

Implementation and operationalization of ISMS and GRC structures

Audit preparation

Certification preparation support

Measurement and improvement of the ISMS

Must haves:

- At least 5 years of working experience in the domain of Information Security Strategy, GRC and ISMS

- Profound experience in the design, implementation, integration and operations of ISMS

- Strong understanding and experience of ISMS development in the context of KRITIS, preferably energy sector

- Experience with implementing and auditing ISMS and GRC processes and further relevant artifacts like policies, procedures, etc.

- Strong understanding of applicable regulations and their implementation, as well as the corresponding ecosystem and authorities (e.g. BNetzA, BSI, NIS-2, CRA, etc.)

- Strong understanding of information security risk management and the corresponding methods

- Strong project management skills

- Experience in developing relevant metrics and measurement methods (e.g. KPI, KRI and CSI)

- Good understanding of GRC technology and “automation-first” attitude

- Good understanding of cloud-native and hybrid paradigms and technologies

- Good understanding of technology in general, preferably also in regard to traditional OT environments

- Good understanding of security frameworks and best practices for the relevant technical and organizational context (e.g. CSA CCM, OSCAL, CIS, etc.)

- Experience with product-driven organizations

Must-have language skills:

Fluent English in speech and writing

Nice to haves:

- Relevant regulations for the energy sector (e.g. EnWG, BSI-KRITIS, etc.)

- Relevant standards, in particular for EU-based TSOs (e.g. IEC 61850)

- Experience as an auditor (e.g. for ISO 27001)

- Experience in the domain of business continuity management, BCMS and disaster recovery processes

- Relevant certificates (e.g. CISM, CISA, ISO 27001 Lead Implementer / Lead Auditor, etc.)

- German in speech and writing (IT subject area)