Information Security Consultant

The Opportunity

We are looking to recruit a talented individual with a strong background in Information and Cybersecurity, Data Privacy and Information Risk Management. Knowledge of ISO 9001 and how to implement and maintain a Quality Management System (QMS) is a plus. The candidate will work with the existing team of highly skilled and motivated security professionals, under the Head of Professional Services, to deliver Information Security projects that provide assurance over and improve the security posture of our clients. Experience in a similar consultancy role is desirable although not a requirement; however, given this is a client-facing role, excellent communication skills (in both English and Italian) are essential. The role will be based in BSI’s office in Milan and report into the Information Governance Manager in Italy. It is therefore anticipated that up to 50% of time will be dedicated to an onsite project with a customer in Milan. The role will support both BSI Cybersecurity and Information Resilience’s rapid growth in Italy and our international delivery capability.

Key responsibilities and accountabilities

  • Information security assessments against international standards and best practices (e.g. ISO 27001, NIST Cybersecurity Framework, etc.)
  • Implementation of information security strategy
  • Definition and review of information security architectures
  • Writing and review of information security policies
  • GDPR assessment and implementation projects
  • Delivery of training to customers on Information Security and GDPR
  • Responsible for the QMS of an international company based in Milan

About BSI

We currently have an exciting opportunity for a Cyber Security, Privacy & Information Governance Senior Consultant / Manager / Senior Manager to work based out of our Milan office as part of our Irish & International Delivery team.

BSI equips businesses with the necessary solutions to turn standards of best practice into habits of excellence. It facilitates business improvement across the globe by helping its clients drive performance, manage risk and grow sustainably through the adoption of international management systems standards, many of which BSI originated.

BSI Cybersecurity and Information Resilience is a centre of excellence for managing and securing corporate information. We provide expertise to clients on the identification, protection, compliance and management of their information assets through a combination of consultancy, technology solutions, research and training. Our credentials are enhanced by internationally recognized accreditations, including CREST, Cyber Essentials, and Payment Card Industry Data Security Standard Qualified Security Assessor.

With over 81,000 clients globally in 182 countries, BSI is an organization whose standards inspire excellence across the globe.

About You

  • Third-level qualification in information security, computer science or a related discipline with some further professional education and certifications.
  • Interpersonal skills are a must, with the proven ability to communicate effectively at all levels within BSI and externally with clients.
  • 1 or 2 years of experience in Information Security
  • Report writing and strong communication / delivery skills
  • Project management principles / experience
  • Candidates must be comfortable building client relationships, identifying new business opportunities and developing service offerings.

Certification in one or some of the following will be considered a plus:

  • Security architecture qualification [TOGAF, SABSA, ISC2 CISSP-ISSAP]
  • AWS and/or Azure architect training / qualifications
  • Payment Card Industry Qualified Security Assessor (PCI QSA)
  • Certified Information Systems Auditor (CISA)
  • CIPP E/M
  • Data Protection Practitioner


Candidates should have an understanding across and expertise in some of the following areas:

  • Development and implementation of strategic security improvement programmes
  • ISO 27001 and NIST CSF gap analysis and remediation strategy development
  • Strategy development and implementation support in the area of Data Privacy
  • Cloud Security, particularly CSA guidelines, AWS and Azure operational and infrastructure security
  • Knowledge and auditing experience of current legal and regulatory requirements around information security and privacy, including but not limited to:
    • PCI DSS
    • NIST Cybersecurity Framework
    • ISO 27001 and ISO 9001
    • Data Protection
    • ITGC Compliance Audits
  • Information Security Policy Development
  • Delivery of Information Security Awareness Training
