GRC Consultant (Junior/Medior)

About FuturWork

FuturWork is a European tech consulting ecosystem operating across Belgium and France. Our Cybersecurity practice helps organizations navigate complex regulatory environments and build resilient security frameworks. We work with leading enterprises across energy, finance, healthcare, and public sector.

We operate as a fully AI-augmented team. Every consultant at FuturWork is expected to leverage AI agents and automation tools to amplify their impact not just deliver traditional consulting.

Role Overview

As a GRC Consultant, you will support our clients in designing, implementing, and maturing their governance, risk, and compliance frameworks. You will work directly on NIS2, DORA, ISO 27001, and RGPD mandates across mid-market and enterprise accounts.

You are not just an auditor or a checkbox filler. You are a trusted advisor who translates regulatory complexity into actionable security strategy.

WHAT YOU'LL DO

–    Conduct gap analyses and risk assessments against regulatory frameworks (NIS2, DORA, ISO 27001, NIST CSF)

–    Design and implement governance frameworks, security policies, and control libraries

–    Support clients through certification processes and regulatory audits

–    Produce client-facing deliverables: risk registers, remediation roadmaps, board-ready reports

–    Leverage AI-assisted tools to accelerate analysis, documentation, and risk scoring

–    Collaborate with our Cybersecurity, Cloud, and IT Strategy practices on cross-vertical engagements

WHAT WE'RE LOOKING FOR

–    2–5 years of experience in cybersecurity consulting, audit, or GRC

–    Working knowledge of key frameworks: ISO 27001, NIS2, DORA, RGPD, NIST

–    French fluency required; professional English is a strong plus

–    Strong written and verbal communication, you can explain risk to a CISO and a CFO alike

–    Curious about AI tools and willing to integrate them into your daily workflow

–    Based in or willing to relocate to Paris

NICE TO HAVE

–    Certifications: ISO 27001 Lead Auditor / Lead Implementer, CISM, CRISC

–    Experience with DPO activities or RGPD compliance programs

–    Exposure to sector-specific regulations (DORA for finance, NIS2 for critical infrastructure)

–    Experience using AI tools in consulting delivery (LLM-assisted reporting, automated risk analysis)

Skills : ISO 27001, NIS2, DORA, RGPD, Risk Management

WHY FUTURWORK

–    Work on meaningful mandates with real clients, no bench time

–    AI-augmented delivery: we build internal tools so you spend less time on admin and more on impact

–    Access to FuturWork Academy for continuous upskilling

–    Transparent salary model and career progression framework

–    Hybrid model from our Paris office

–    Be part of a growing ecosystem : consulting, academy, and startup studio under one roof

Il arrive chez un client, fait le diagnostic de là où ils en sont sur NIS2, ISO 27001 ou DORA, identifie les écarts, et construit le plan pour les corriger. Il produit des livrables concrets : registre des risques, politiques de sécurité, roadmap de remédiation. C'est un exécutant de haut niveau qui monte en compétence sur la réglementation et apprend à parler aux équipes IT comme aux directions.