As a GRC Consultant, you will help develop and enhance governance frameworks, assisting clients in meeting evolving regulatory and cybersecurity obligations. You'll advise senior stakeholders, lead audits, and support clients in strengthening their compliance and risk posture across diverse sectors. This is a client-facing position where you will work directly with organisations of different sizes and from various sectors.
Responsibilities
· Advise clients on cybersecurity frameworks such as NIS2, ISO 27001, NIST, GDPR and maritime-specific regulations
· Conduct gap analyses, risk assessments and compliance readiness audits
· Provide CISO-as-a-Service advisory to clients, from small businesses to large enterprises
· Draft and implement cybersecurity policies, procedures and internal control frameworks
· Coordinate with technical teams and liaise with regulatory authorities
· Support clients with incident response planning and business continuity assessments
· Assist in the development of risk-informed GRC strategies that are practical and achievable
Required Skills and Experience
· Based in Athens, Greece, with the flexibility to work in a hybrid model — combining remote work, occasional office presence, and on-site client visits when necessary
· At least 3 years of experience in GRC, information security consulting or CISO-type roles
· Strong understanding of NIS2, ISO 27001, NIST, GDPR and related frameworks
· Excellent communication skills, including the ability to engage with both technical teams and senior management
· Experience leading or contributing to workshops, audits and regulatory mapping
· Comfortable working with clients from sectors such as public administration, maritime, energy and defence
Preferred Qualifications
· Experience in a fractional or freelance CISO role
· Familiarity with operational technology (OT), industrial control systems (ICS) or government environments
· Experience working in regulated or high-stakes environments (e.g. defence, energy, government)
· Relevant certifications such as CISA, CISSP, ISO 27001 Lead Auditor or equivalent