You take the lead in defining and delivering the organisation's NIS2 compliance roadmap. You work at the intersection of cybersecurity, regulation and enterprise transformation, guiding multidisciplinary teams through a multi-year programme that impacts strategy, technology, governance and operations.
You will:
* Shape the NIS2 strategy, from gap analysis to roadmap definition, prioritisation and budgeting
* Lead a cross-functional programme (IT, Legal, Compliance, Business) and coordinate activities end-to-end
* Ensure alignment with European and national cybersecurity requirements, and embed standards such as ISO 27001, NIST and CIS Controls
* Oversee the implementation of NIS2 security measures across technology, processes and governance
* Strengthen incident response, crisis management and regulatory notification procedures
* Maintain the organisation's cybersecurity risk register and steer the improvement of detection and response capabilities
* Manage third-party and supply chain risks, enforcing due diligence and NIS2-aligned controls
* Engage with regulators and competent authorities when required
* Drive awareness, communication and training on cybersecurity and NIS2 across all levels
* Report on progress, risks and decisions to executive leadership and programme boards
What are we looking for?
Must-have experience:
* 7–10+ years in cybersecurity and programme or transformation leadership
* Demonstrated experience delivering regulatory compliance programmes (e.g. NIS2, GDPR, DORA)
* Strong expertise in security governance, policies, frameworks and risk management
* Solid understanding of incident response processes and crisis coordination
* Experience managing multi-team, multi-stakeholder programmes with executive visibility
* Strong communication, leadership and stakeholder management skills
* Comfortable working autonomously, structuring priorities and driving decision-making
* Experience in public sector or European institutional environments is a strong plus
* Fluent in French or English (both required at professional level); Dutch is a plus.
Nice-to-have Skills
* Certifications: CISSP, CISM, CISA, PMP/PRINCE2
* Familiarity with other EU regulations (Cyber Resilience Act, eIDAS, AI Act)
* Experience engaging directly with CSIRT/CERT or national regulators
* Background in highly regulated industries or critical infrastructure
What do we offer?
Contract: Freelance or Permanent
Location: Brussels (hybrid, 3 days/week on-site)
Duration: 05/01/ /05/2026