Freelance IT GRC Consultant – NIS2 & ISO27001 Implementation
Project Description
A leading organization in the critical infrastructure domain is undergoing a comprehensive IT Governance, Risk, and Compliance transformation, driven by upcoming NIS2 Directive requirements and the need for ISO27001 certification.
Day-to-Day Responsibilities
* Lead the NIS2 readiness assessment, including gap analysis against current cybersecurity practices.
* Drive the ISO27001 implementation roadmap, from scoping to internal audit readiness.
* Define and implement Information Security Management System (ISMS) processes and documentation.
* Collaborate with Security, Network, and Cloud teams to align technical controls with policy requirements.
* Define and enforce GRC frameworks: policies, standards, procedures, and control matrices.
* Prepare and deliver compliance documentation, awareness training, and stakeholder reports.
* Liaise with internal audit, external consultants, and legal to ensure consistent interpretation of NIS2/ISO27001 obligations.
* Contribute to the development of incident response plans and crisis management protocols.
* Support the implementation of security monitoring, logging, and vulnerability management processes in alignment with compliance objectives.
Requirements
Experience:
* Minimum 3 years in GRC, cybersecurity, or IT risk management roles.
* Proven experience with ISO27001 implementations (preferably end-to-end).
* Hands-on involvement in NIS (or NIS2) compliance projects is highly valued.
* Experience working in complex IT infrastructure environments, including hybrid cloud, on-prem data centers, and telecoms.
Technical Knowledge:
* Strong understanding of cybersecurity frameworks (e.g., ISO27001, NIST CSF, CIS Controls).
* Familiarity with EU regulatory frameworks, especially NIS2 and GDPR; knowledge of DORA is a plus.
* Knowledge of SIEM, endpoint protection, identity & access management, and cloud security principles.
* Understanding of network segmentation, patch management, encryption, and incident handling.
Bonuses:
* Certifications such as ISO27001 Lead Implementer/Auditor, CISSP, CISM, or CRISC.
* Familiarity with GRC tools (e.g., ServiceNow GRC, RSA Archer, OneTrust).
* Fluency in Dutch.
* Experience working in regulated sectors (utilities, telecom, finance, public services).