Information Security Management System Consultant

Looking for a role where you can help organizations achieve excellence in Information Security through ISO 27001? Do you want to support clients in assessing, implementing, auditing and/or certifying their Information Security Management System (ISMS)? Join our Risk Advisory team at BDO and help shape the future of secure, compliant and resilient organizations. Explore our BDO culture of expertise, warmth and personal growth.

Our clients face increasing pressure from customers, third parties and regulators to demonstrate compliance with international renowned information security standards such as ISO 27001. That’s where BDO’s ISO 27001 team comes in. We help organizations evaluate their current maturity, design and implement effective ISMS frameworks, perform internal audits, prepare for certification audits and/or perform certification audits.

As an Information Security Management System Consultant with a focus on ISO 27001, you’ll play a key role throughout the certification lifecycle: from opinion assessments and implementation projects to internal and certification audits. You’ll advise clients on pragmatic approaches to compliance, ensuring their ISMS not only meets the standard’s requirements but also adds real business value.

What will you be doing?

• Focus on Information Security Management System (ISO 27001) projects
• Perform ISO 27001 opinion assessments, identifying gaps and delivering actionable recommendations.
• Guide clients through ISMS design and implementation, help establish policies, risk management processes and control frameworks.
• Conduct internal audits in line with ISO 19011 and ISO 27001, reporting on (non)conformity and opportunities for improvement.
• Participate in certification audits, supporting clients in demonstrating compliance and continuous improvement.
• Conduct certification audits as part of accredited engagements, validating client compliance with ISO 27001.
• Advise on ISO 27002 Annex A controls and their integration within the client’s existing governance structures.
• Support clients in aligning ISO 27001 initiatives with related frameworks and regulations (NIS2, DORA, NIST CSF, …).
• Deliver workshops and training sessions to strengthen internal awareness and audit readiness.
• Collaborate with colleagues across our Cybersecurity, IT Audit, Third Party Assurance and GRC teams to provide comprehensive advisory services.

What do you bring to the table?

• Master’s degree in Information Security, Business Economics, Applied Economic Sciences, Commercial Engineering, Computer Science or related discipline. 
• 3–5 years’ relevant experience in information security, cybersecurity, ISMS consulting, auditing or certification.
• Fluent in English and professionally proficient in either Dutch or French.
• Strong understanding of ISO 27001, ISO 27002 and ISO 19011 audit methodologies.
• Familiarity with complementary frameworks and regulations such as NIS2, DORA and the NIST Cybersecurity Framework.
• Strong written and verbal communication skills, with experience presenting to senior management and boards.
• Proven ability to build client relationships, lead small teams and manage projects end-to-end.
• Excellent interpersonal and leadership skills; team player who thrives in collaborative environments.
• ISO 27001 Lead Implementer or Lead Auditor certification preferred (or willingness to obtain). Other certifications such as CISA or ITIL are an asset.

What do we bring to the table?

According to our own colleagues, it’s got something to do with the great team spirit and atmosphere within our organisation and the focus on their wellbeing… But hey, just take a look for yourself at what we got to offer 

• Culture: you will join a team of experts who encourage respect, diversity and teamwork. 
• Development: you decide the direction of your career, and we support you where necessary. 
• Impact: from day 1 you will be given responsibility, with support from your team. 
• Growth: you get access to a whole range of training courses through our BDO Academy. 
• Network: you can work on different projects and clients, across business practices. 
• Flexibility: you choose where you work with flexible working hours. 
• Wellbeing: your physical and mental health is important to us. 
• Proximity: you work in an open culture, so feel free to speak to anyone, at any level. 
• Salary: you receive a competitive salary package with interesting benefits. 
• Sustainability: you work within a company with an integrated sustainability policy. 

Ready to make your career count as an Information Security Management System Consultant (ISO 27001) at BDO? Apply now and let's grow together!