Threat and Controls Assessment Consultant

Antal is a leading recruitment and HR advisory company, present in Poland since 1996 and later expanded to the Czech Republic and Hungary. Across the CEE region, it employs around 150 professionals delivering a full range of services including specialist and executive recruitment, employee outsourcing, HR consulting, employer branding, and market research. The company combines deep industry expertise with functional specialisation to provide tailored solutions for companies in every sector, acting as a trusted partner for both employers and candidates.

• Knowledge and exposure to Risk and Control Management.
• Ability to understand and assess threats, controls, and vulnerabilities, articulating them to both technical and business stakeholders.
• Industry-recognised cybersecurity certifications (e.g., CISSP, CRISC, CISM, or Cloud Security certifications) are desirable.
• Proven experience in general security concepts and principles.
• Hands-on experience with threat modelling and strong technical understanding of vulnerability assessment across diverse enterprise IT assets.
• Strong understanding of application design and architecture.
• Knowledge and experience in network, host, and application security practices.
• Good working knowledge of one or more Cloud Service Providers (AWS, GCP, or Azure).
• Strong understanding of the Software Development Life Cycle (SDLC) with a focus on security.
• Experience in continuous improvement and process optimisation.
• Understanding of emerging technologies and associated security threats.
• Experience working in international and diverse environments.
• Experience engaging with business, technology, regional, and regulatory stakeholders.
• Ability to effectively translate technical gaps into business risk for key stakeholders.

• Perform effective threat and control assessments of services within internal, external, and cloud environments.
• Liaise with Developers, Architects, and other Technical Leads to understand end-to-end services and identify control gaps.
• Understand business requirements, evaluate potential products/solutions, and provide technical recommendations.
• Be hands-on with technology and contribute to the design, development, and support of projects with security recommendations.
• Identify threats across the IT estate, including applications, databases, networks, and other infrastructure components.
• Engage with other Cybersecurity teams, senior management, and business stakeholders when addressing potential security issues.
• Contribute to process, procedure, and tool identification/development.
• Stay up to date with industry trends and best practices.