Freelance IT GRC Consultant – NIS2 & ISO27001 Implementation

Project Description

A leading organization in the critical infrastructure domain is undergoing a comprehensive IT Governance, Risk, and Compliance transformation, driven by upcoming NIS2 Directive requirements and the need for ISO27001 certification.

Day-to-Day Responsibilities

- Lead the NIS2 readiness assessment, including gap analysis against current cybersecurity practices.
- Drive the ISO27001 implementation roadmap, from scoping to internal audit readiness.
- Define and implement Information Security Management System (ISMS) processes and documentation.
- Collaborate with Security, Network, and Cloud teams to align technical controls with policy requirements.
- Define and enforce GRC frameworks: policies, standards, procedures, and control matrices.
- Prepare and deliver compliance documentation, awareness training, and stakeholder reports.
- Liaise with internal audit, external consultants, and legal to ensure consistent interpretation of NIS2/ISO27001 obligations.
- Contribute to the development of incident response plans and crisis management protocols.
- Support the implementation of security monitoring, logging, and vulnerability management processes in alignment with compliance objectives.

Requirements

Experience:

- Minimum 3 years in GRC, cybersecurity, or IT risk management roles.
- Proven experience with ISO27001 implementations (preferably end-to-end).
- Hands-on involvement in NIS (or NIS2) compliance projects is highly valued.
- Experience working in complex IT infrastructure environments, including hybrid cloud, on-prem data centers, and telecoms.

Technical Knowledge:

- Strong understanding of cybersecurity frameworks (e.g., ISO27001, NIST CSF, CIS Controls).
- Familiarity with EU regulatory frameworks, especially NIS2, GDPR, and DORA (a plus).
- Knowledge of SIEM, endpoint protection, identity & access management, and cloud security principles.
- Understanding of network segmentation, patch management, encryption, and incident handling.

Bonuses:

- Certifications such as ISO27001 Lead Implementer/Auditor, CISSP, CISM, or CRISC.
- Familiarity with GRC tools (e.g., ServiceNow GRC, RSA Archer, OneTrust).
- Fluency in Dutch.
- Experience working in regulated sectors (utilities, telecom, finance, public services).