Principal Consultant - Cyber Security Consulting & Advisory (m/f/d)

Role - Principal Consultant (JL6)
Technology - Cyber Security Consulting & Advisory
Location - Stuttgart/Munich/Frankfurt Germany (DE)
Business Unit - Cyber Security, Cyber C&A
Compensation - Competitive (including bonus)

Job Description

Today, the corporate landscape is dynamic and the world ahead is full of possibilities! None of the amazing things we do at Infosys would be possible without an equally amazing culture, the environment where ideas can flourish and where you are empowered to move forward as far as your ideas will take you.

At Infosys, we assure that your career will never stand still, we will inspire you to build what's next and we will navigate further together. Our journey of learnability, values and trusted relationships with our clients continue to be the cornerstones of our organization and these values are upheld only because of our people.

• 10years+ of industry experience working in enterprise cyber security domain
• Security Strategy & Program Management: Assess security risks, develop security roadmaps, and align security measures with enterprise IT security frameworks.
• Deploy and Configure Security Solutions: Implement, optimize, and manage cybersecurity platforms such as MS, Google and or AWS services, alongside controls assessment and understanding of NIST, ISO27K, TOGAF, SABSA frameworks and initiatives.
• Threat Monitoring & Incident Response: Identify, analyze, and respond to security events and incidents in networks, collaborating with IT and operational teams to mitigate threats.
• Security Assessments & Compliance: Conduct security assessments, evaluate risk, and ensure compliance with IEC 62443, NIST SP 800-82, NERC CIP, ISO 27001, and NIS2 frameworks.
• Vulnerability & Risk Management: Perform vulnerability analysis and penetration testing, and implement risk mitigation strategies tailored for ICS/SCADA environments.
• IT Integration: Work closely with IT, engineering, and operational teams to integrate security solutions seamlessly with existing enterprise security architecture.
• Vendor & Third-Party Security Management: Assess and oversee third-party vendors providing security solutions, ensuring their compliance with security policies and industry best practices.
• Training & Awareness: Develop and conduct cybersecurity training and awareness programs for internal teams, partners, and executives.
• Emerging Threats & Technologies: Stay informed about new cybersecurity threats, vulnerabilities, and emerging technologies in industrial cybersecurity, IoT security, and critical infrastructure protection.
• A high degree of awareness in one or more of the cyber industry trends and technologies e.g., Zero Trust Architecture, Responsible AI, Security Automation, Cyber Vendor consolidation, DevSecOps, SDLC, Security by Design/ Privacy By Design, IDAM, Cyber Architecture etc.
• Exposure to solutions such as Sailpoint, CyberArk, Ping, Omada, Crowdstrike, Microsoft, Fortinet, XSIAM Palo Alto, ZScaler technologies etc

• A broad outlook through exposure to an ecosystem of diverse cultures, stakeholders as well as emerging tools, technologies, regulations, standards etc,
• Experience with similar roles in consulting teams or organizations
• Relevant industry certifications like:
• Education: Bachelor's degree in Cybersecurity, Information Technology, or a related field.
• ICS/SCADA Knowledge: Strong understanding of Enterprise level cyber security and strategies through controls assessment and compliance.
• Security Platforms Expertise: Experience with OT security solutions including Claroty, Dragos, Nozomi Networks, and Armis.
• Network Security: Hands-on experience with firewalls, IDS/IPS, VPNs, authentication systems, PKI, log management, and content filtering.
• Cybersecurity Frameworks: Familiarity with NIST, IEC 62443, ISO 27001, NERC CIP, GSMA IoT Security Guidelines, and other industry security standards.
• Incident Response & Risk Management: Experience in security monitoring, incident response, and risk mitigation for OT environments.
• Technical Skills: Strong troubleshooting, analytical, and problem-solving abilities.
• Communication & Collaboration: Ability to work independently and within cross-functional teams, with excellent communication and interpersonal skills. Must have ability to converse verbally and in written English/German.
• Project Management: Knowledge of project planning, resource management, financial budgeting, and risk assessment for OT security projects.

• ISO27001:2022 Lead Auditor
• Certified Information Security Manager (CISM)
• Certified Information Systems Auditor (CISA)
• Certified Information Systems Security Professional (CISSP)
• GIAC Certified Incident Handler (GCIH)
• GIAC Cyber Incident Leader (GCIL)

• High analytical skills
• A high degree of initiative and flexibility
• High customer orientation
• Strong exposure in stakeholder management at Senior levels
• High quality awareness
• Excellent verbal and written communication skills (bonus if candidate can speak German and another European language)