This is a remote position.
The Information Security, Risk and Compliance Lead provides strategic leadership to embed robust security governance and risk management across a complex digital ecosystem. As the consultancy expert in this role, you will be responsible for defining the security roadmap and ensuring that all product lines adhere to the applicable regulatory and architectural standards.
This is a full-time contract engagement for 1 FTE, paid at a daily rate. The initial contract is for 3 months and is likely to be extended.
English is the only language requirement. Only occasional onsite visits to Germany are required.
Responsibilities
Lead the vision, scope, and roadmap for security and risk initiatives across various platforms and product domains.
Oversee the transition of security protocols from the initial design phase through to sustainable line organisation.
Direct the activities of technical experts and analysts to ensure that architectural designs comply with risk and security requirements.
Act as the primary authority for cross-domain security decisions and the main interface for senior stakeholders.
Design and maintain governance models that define clear roles, responsibilities, and interfaces between technical teams and compliance functions.
Balance regulatory obligations with technical feasibility to provide actionable guidance for delivery teams.
Ensure consistent adoption of security architecture principles and patterns across the entire infrastructure.
Align technical domains with internal and external standards, translating complex rules into procedural requirements.
Manage the impact of regulatory changes on architecture and project delivery timelines.
Build long-term capability through knowledge-sharing, training, and fostering a "security by design" culture.
Requirements
Proven experience owning and driving enterprise-wide security, compliance, and risk programmes across multiple products or platforms.
Strong capability to define vision, scope, roadmaps, and success criteria for complex cross-domain initiatives.
Ability to lead initiatives from early analysis through to transition into line or BAU organisations.
Deep understanding of regulatory, compliance, and risk management frameworks relevant to large enterprises.
Strong experience managing regulatory impacts on architecture, processes, and delivery timelines.
Proven ability to ensure consistent interpretation and application of compliance and security requirements across products and teams.
Hands-on experience designing and governing compliance and security controls across technical and procedural domains.
Solid background in security architecture, including platform, product, and integration-layer security.
Experience defining, approving, and enforcing security principles, patterns, and secure design practices.
Ability to translate abstract compliance and risk requirements into actionable technical requirements.
Experience validating and consolidating inputs from Technical SMEs and Security Analysts into a coherent target architecture.
Ability to understand, review, and challenge technical designs and architectures without being the hands-on implementer.
Proven experience aligning security architecture across platforms and product lines.
Demonstrated experience defining governance models, operating models, and decision forums.
Experience embedding security and compliance reviews into development and delivery lifecycles.
Strong capability to act as the primary interface between technical leadership and GRC, Compliance, and Risk stakeholders.
Proven experience representing security and compliance topics in senior steering committees and executive forums.
Excellent communication skills to align diverse stakeholders with competing priorities.
Experience building sustainable security and compliance capabilities, rather than just project deliverables.
Proven capability to embed "security and compliance by design" into organisational culture and standards.
Fluent English in speech and writing (at least C1 level).
Eligibility: residency in the EU, EEC, UK, or Switzerland.
Nice to Have Requirements
Familiarity or certification with frameworks such as ISO 27001 / 27005, NIST CSF, COBIT, or ITIL/ITSM.
Relevant professional certifications such as CISSP, CISM, or CISA.
Experience with cloud security certifications (AWS, Azure, GCP).
Enterprise or security architecture certifications, such as TOGAF with a security domain focus.