The Cybersecurity Consultant will strengthen the organization's cybersecurity posture by enhancing Governance, Risk, and Compliance (GRC) practices. This role involves assessing current security frameworks, identifying risks, and ensuring compliance with relevant standards, regulations, and directives. Key responsibilities include leading compliance measurement using indicators and security controls, maintaining the GRC tool, and executing project and task management activities.
The consultant will additionally support third-party risk assessments, ISMS design and implementation, gap analyses, and the alignment of policies with the Cybersecurity Core framework. The consultant will also support and perform internal audits, risk assessments, and disaster recovery planning, while advising leadership on GRC strategy and security awareness initiatives.
Main selling points of the job (for recruiting)
Are you a cyber security enthusiast with a passion for making a meaningful impact on a global scale? Join our global IT Security Team (CISO Office) as a Cyber Security Consultant and play a pivotal role in fortifying our digital fortress. At Sulzer, we believe in fostering innovation and excellence, and we are on the lookout for a talented professional to contribute to our dynamic cyber security landscape.
Main accountabilities and tasks
Play a key role in project management activities within the GRC area: keep order, track all activities, and follow up on all findings and observations from audits, security assessments, and customers.
Collaborate on the design, implementation, measurement and maintenance of our cutting-edge GRC tool, mainly compliance checks and reporting through KCIs, KPIs and KRIs to evaluate and monitor Sulzer's cyber security posture.
Coordinate and host external auditors (e.g., ISO certification bodies, regulatory agencies), gathering evidence and facilitating interviews with subject matter experts.
Finding Life-Cycle Management - Maintain a centralized Audit Issue Register. Track every finding, observation, and non-conformity from both internal assessments and external audits.
Serve as the primary point of contact for customer-led security audits and questionnaires. Ensure responses are accurate, professional, and reflect the company's current security posture.
Collaborate on and support activities related to the Third-Party Risk Management system and process, and maintain the full landscape of third-party cyber security risks associated with the different solutions and systems. This requires analyzing the vendor and solution posture, including the ability to read and interpret data-flow and architecture diagrams of the solutions before they are implemented in Sulzer systems.
Collaborate on the development, implementation, and maintenance of our Information Security Management System (ISMS) and technical security documentation (security policies, standards, procedures, etc.).
Ensure Sulzer's compliance alignment with the applicable directives, standards, laws and regulations, with a global scope, by performing gap analyses.
Support the vulnerability management area and act as an enabler between risk management, vulnerability management and the involved stakeholders.
Partner with IT, engineering, development and plant operations to define remediation plans. Monitor progress and verify that evidence of 'fixing' the issue meets audit standards before closing the ticket.
Support GRC and investigative activities by assisting with technical reviews of client‑reported incidents, and ensuring risks are documented, mitigated, or blocked according to governance requirements.
Financial: Revenue $, Budget
Geographic: Global
Key internal / external stakeholders: All Sulzer
Desired experience and qualifications:
Work experience: 5-8 years
Expertise:
Education: Bachelor's degree in Computer Science
Relevant certifications: security certifications in Governance, Risk and Compliance (CISM, CRISC, etc.); ITIL; PMP / PMI or project management experience; ISO 27001 LA; Risk Management; NIST Cyber Security Framework and controls; NIS2 Directive; CRA; RED; ISO 22301; ISO 27005; IEC 62443; and other directives and standards (e.g. ISO 42001, GDPR, etc.)
Soft skills:
Effective communication and collaboration, highly organized, stakeholder management and diplomacy, resilience and assertive persistence, analytical problem solving, audit capabilities, conflict resolution
Other:
Proficiency in Windows-based operating systems and networks, with the ability to analyze security issues and detect gaps and security threats.
Knowledge of security architecture, in order to develop third-party risk management analyses of solutions.
Demonstrated ability to analyze, triage, and escalate cyber security threats and risks.
Basic Knowledge of Defender XDR, Purview, Intune, Vulnerability Management Tools, CISO Assistant or GRC Tools
Expertise in Power BI, Excel, and in automating and improving…