Cybersecurity Governance Consultant

About Us

Gramian Consultancy is a boutique consultancy specializing in IT professional services and engineering talent solutions. With a strong background in engineering and leadership, we help companies build high-performing teams by matching them with professionals who truly fit their needs.

About the Role

Our client is a rapidly growing European cybersecurity consulting and technology integration organization, headquartered in Luxembourg and operating internationally. Following a recent strategic acquisition by a major industrial technology group, the company is expanding its Information Security Governance practice to support increasing client demand across regulated and enterprise environments.

As part of this growth, we are looking for an Information Security Governance Consultant to join a multidisciplinary cybersecurity team. In this role, you will work closely with CISOs, IT leaders, and business stakeholders to translate organizational needs into concrete information security strategies, governance frameworks, and risk management programs.

You will contribute to security maturity assessments, governance initiatives, compliance programs, and resilience planning, helping clients strengthen their security posture while keeping a pragmatic, business-oriented approach. The position offers exposure to diverse projects, structured onboarding with senior consultants, and continuous development within a collaborative, people-first environment that combines startup agility with enterprise stability.

Location: Hybrid

Office Location: Luxembourg

Contract: Permanent

Experience Level: Mid–Senior (around 5+ years preferred)

Languages: French (C1–C2), English (minimum B1)

Interview Process: Intro Call + HR Interview + Manager Interview

Responsibilities

• Assessing organizational security maturity and existing controls
• Identifying security initiatives and improvement roadmaps aligned with business objectives
• Performing information security risk assessments and advising on risk treatment strategies
• Supporting governance frameworks, policies, and operating models
• Contributing to resilience programs (BCP/DRP, incident management, cyber crisis management)
• Supporting regulatory and standards compliance initiatives (e.g., GDPR, ISO 27001, NIST CSF, CIS Controls)
• Advising on cloud security and modern IT environments
• Participating in audits, maturity assessments, and security program design
• Acting as a trusted advisor to management, CISOs, IT, and business teams

• 5+ years of professional experience in Information Security, Cybersecurity Governance, GRC, or Security Consulting roles
• Hands-on experience with Information Security Governance frameworks and operating models
• Practical experience in Information Security Risk Management (risk assessments, control reviews, treatment plans)
• Strong knowledge of at least one major security framework or standard: ISO 27001/27005, NIST CSF, CIS Controls
• Experience supporting compliance initiatives (e.g., GDPR, ISO 27001 certification, internal/external audits)
• Ability to translate business requirements into security policies, procedures, and actionable security programs
• Solid understanding of IT environments (networks, systems, cloud platforms, identity, endpoint security concepts)
• Strong analytical, documentation, and reporting skills (risk registers, maturity assessments, governance documentation)
• Proven ability to communicate with both technical and non-technical stakeholders (CISO, management, IT, business teams)
• Fluent French (C1–C2, written and spoken)
• Professional English (minimum B1, written and spoken)

• Hybrid / remote working options in line with local policies
• Company car or mobility budget, including fuel/transport support
• Comprehensive health coverage (medical, dental, hospitalization, vision)
• Pension plan with employer contribution
• Meal vouchers and employee benefits card
• Internal and external training programs fully supported by the company
• Continuous professional development in cybersecurity governance and consulting
• Exposure to diverse international client projects across multiple industries
• Structured onboarding with buddy system and regular follow-ups with your Team Leader
• Collaborative, people-first culture with accessible management and startup mindset
• Flexible environment with no formal dress code (except when required by clients)
• Opportunity to grow within a rapidly expanding cybersecurity organization backed by a large international group