GemTech
All roles

IT Security Consultant

Frankfurt am MainRemote

About the Role

Nordwatch Advisory LLP is seeking an experienced IT Security Consultant to join its Cyber Risk Services practice at Manager level on a permanent, full-time basis. Based in Frankfurt am Main, this role works within a DACH-wide practice serving clients across financial services, pharmaceuticals, automotive, energy, and the public sector.

The role focuses on leading client engagement workstreams, managing senior client relationships, mentoring consultants, and contributing to practice development and thought leadership. The position operates in a flexible hybrid model, typically involving a mix of office time, client-site work, and flexible work arrangements, depending on engagement needs. Travel across the DACH region is expected.

Key Responsibilities

  • Lead security maturity assessments aligned with frameworks such as NIST CSF, ISO 27001/27002, BSI IT-Grundschutz, and similar standards.
  • Scope and deliver security strategy and transformation programs, including Zero Trust architecture roadmaps.
  • Advise clients on regulatory response requirements including DORA, NIS2, GDPR, BAIT, VAIT, KAIT, MaRisk, and other sector-specific obligations.
  • Lead third-party risk management activities and vendor security assessments.
  • Support clients during incident response engagements in partnership with the firm’s dedicated incident response team.
  • Lead engagement workstreams and manage client relationships with senior stakeholders, including contacts at the CISO level and below.
  • Mentor junior and senior consultants and act as a career counselor.
  • Contribute to proposal development for new client opportunities.
  • Co-author thought leadership materials such as white papers, conference presentations, and client briefings.
  • Participate in training delivery for counselees and the broader practice.
  • Support Partners and Senior Managers on business development and sales pursuits.
  • Maintain relationships with a small portfolio of named clients.
  • Represent the firm at relevant industry events.

Required Qualifications

  • 7+ years of experience in IT security consulting, internal security, or audit, including at least 4 years in a professional services or advisory environment.
  • Demonstrated ability to lead engagement workstreams valued at €200k+.
  • Deep knowledge of at least two of the following areas: ISO 27001/27002, NIST CSF and NIST 800-series, BSI IT-Grundschutz, DORA operational resilience, NIS2 implementation, Zero Trust architecture, or SWIFT CSCF / PCI-DSS.
  • Fluent German and professional English at C1+ level in both languages.
  • Willingness to travel up to 50% within the DACH region, typically involving 1–3 nights per week.
  • Current authorization to work in Germany without sponsorship.

Preferred Qualifications

  • One or more relevant certifications such as CISSP, CISM, CRISC, CISA, or equivalent.
  • Prior experience in a Big 4 or other major consulting environment.
  • Client exposure in financial services, pharma, or critical infrastructure.
  • Demonstrated speaking or publication record in the cybersecurity field.
  • Technical depth in cloud security, including AWS, Azure, or GCP at certified level.
  • SAP security experience.
  • An advanced degree such as an M.Sc. or MBA.

What We Offer

  • Total target compensation of €125,000–€155,000, depending on experience.
  • Base salary of €95,000–€120,000.
  • Annual performance bonus with a 15–25% target, paid in October following year-end.
  • Firm-contribution pension (bAV), separately negotiated.
  • Car allowance or lease program aligned with German market standards.
  • Private health insurance top-up.
  • 30 days of annual leave plus public holidays.
  • Coverage of professional certification costs, including exam fees, training, and maintenance.
  • Generous parental leave for both parents, including salary top-up to 100%.
  • Sabbatical eligibility after 5 years.
  • Mobile phone, laptop, and home office stipend.
  • Firm-subsidized meals in the office and Urban Sports Club access.
  • A collaborative Cyber Risk culture with active workload tracking and discussion, alongside support during busy periods.
  • A modern Frankfurt office located near Hauptbahnhof.

Apply

Interested in this role?

Drop your resume and a few details. We’ll take it from here.