.Information Security Management Consultant Syffer is an all-inclusive consulting company focused on talent, tech and innovation. We exist to elevate companies and humans all around the world, making change, from the inside to the outside. We believe that technology + human kindness positively impacts every community around the world. Our approach is simple, we see a world without borders, and believe in equal opportunities. We are guided by our core principles of spreading positivity, good energy and promoting equality and care for others. Our hiring process is unique! People are selected by their value, education, talent and personality. We don't present ethnicity, religion, national origin, age, gender, sexual orientation or identity. We are looking for a professional to join a client team. What you will do Assess current security processes and policies; Provide expert advice on cybersecurity best practices; Develop and refine cybersecurity strategies based on client needs; Collaborate on assessments, audits, and policy/procedure definitions, including best practices for information security and business continuity; Support the developmentand implementation of security architectures, action plans, and controls aligned with standards and best practices; Recommend security-focused application and infrastructure architectures ("Security by Design"); Ensure procedures, control plans, methods, and tools are established; Measure and evaluate control effectiveness; Analyze results and action plans critically; Identify risks from non-compliance and propose mitigation actions. Who you are Master's or Bachelor's degree in Computer Science, Information Technology, Engineering, or a related field; 3-4 years of professional experience in technology and security roles; Experience in cybersecurity and risk assessments, ideally as a security analyst, engineer, or consultant; In-depth knowledge of IT and OT landscapes, security architecture, network security, and concepts like security testing, cloud security, and hybrid cloud setups; Strong technical skills, conceptual thinking, analytical abilities, and a deep understanding of cybersecurity principles for assessing and enhancing architecture security; Excellent communicationand presentation skills; Familiarity with security frameworks and methodologies such as CIS, NIST, OWASP, and MITRE ATT&CK; Knowledge of ISO27001, NIS2, DORA, NIST 800-53, ITGC, GDPR, business process transformation, change management, business continuity, etc.; Experience with processdesign tools and MS Office; Fluent in English and Portuguese; Preferred: Security certifications like ISO27001, CISSP, CISM, CISA, CRISC, or similar; Remote, but the consultant must be in Portugal
