Telecom Risk Management Consultant

Job Title: Telecom Security Risk Consultant Overview: Join our team as a Telecom Security Risk Consultant, where you will spearhead comprehensive security risk assessments, threat modeling, and provide expert security consulting within mobile network and cloud-native telecom environments. In collaboration with leading tier 1 and tier 2 mobile network operators, you will establish assessment scope and methodology, evaluate architectures, validate evidence, and convey technical findings into clear, prioritized risks along with actionable remediation strategies. You will also play a key role in enhancing our processes through meticulous documentation, engaging client workshops, and ongoing refinement of our internal tools and methodologies. Immediate Projects: For the upcoming third quarter, we have identified two key missions in European timezones: Support our current Risk Assessment Expert in conducting an eSIM Risk Assessment (one month duration). Lead the RAN and OSS Risk Assessment, which includes Threat Modeling, Architecture Review, and Risk Analysis (three months duration). Key Responsibilities: Direct and execute in-depth telecom security risk assessments and consulting services for operators, vendors, and critical infrastructure initiatives, covering areas such as Security Architecture Reviews, RAN and OSS Risk Assessments, IMS Cloud Risk Assessments, and 5G Core Risk Assessments. Outline the scope of assessments, develop threat models, and establish risk methodologies; effectively translate technical findings into clear, actionable risk statements and remediation pathways. Conduct architecture and design evaluations across various telecom technologies including 2G to 5G, IMS, EPC, 5GC, RAN, OpenRAN, OSS, BSS, interconnect, roaming, and cloud-native platforms (Kubernetes and OpenStack), as well as wireline and other operational technology (OT) and information technology (IT) infrastructures. Assess security controls and ensure compliance with industry standards (such as GSMA, 3GPP, NIST and ISO principles), focusing on identity management, key handling, cryptographic choices, secure boot processes, supply chain security, and operational security. Create high-quality deliverables, including executive summaries, technical annexes, risk registers, reports, and presentations, ensuring consistency and reproducibility across all projects. Qualifications: A minimum of 8 years of experience in telecom security, network security, or risk consulting for telecom operators, infrastructure providers, or security vendors. Proven experience in consulting and client-facing roles with a strong emphasis on effective communication and stakeholder management. Demonstrated capability to perform security architecture reviews, translating complex technical issues into prioritized, business-relevant risks and actionable mitigations. Familiarity with telecom and security standards and guidelines (including 3GPP security, GSMA FS, GSMA NG, NIST, ISO 27001, and ISO 27002); relevant certifications are advantageous but not mandatory. Experience in AI-assisted delivery with a focus on privacy considerations, along with strong judgment to assess AI applicability and review AI-generated content for accuracy, completeness, and confidentiality. Proficiency in working with technical documentation such as network diagrams, high-level and low-level designs, configuration baselines, cloud manifests, logs, and packet captures; able to validate evidence and challenge assumptions effectively. Exceptional written and verbal communication skills; capable of producing structured reports and delivering presentations to both technical and executive audiences. Ability to work independently in a client-facing environment, manage multiple priorities, and deliver timely results across various engagements.