The organisation is a major bank strengthening group-wide cybersecurity oversight, and the CISOaaS Consultant will join the CISOaaS team to support subsidiaries with regulatory alignment and cloud security, notably DORA compliance. The role combines strategic risk assessment, roadmap development and hands-on governance so that subsidiary security postures meet enterprise standards and EU regulatory expectations.
The Mission
The immediate project is to assess subsidiary cyber risk and deliver a clear multi-year cybersecurity strategy and roadmap aligned with group security standards and EU regulations such as DORA and NIS2. Work spans policy, control mapping to ISO 27001 and NIST CSF, and practical measures to reduce risk exposure across IT and cloud estates.
In day-to-day delivery you will perform risk assessments, define priorities and produce executive-grade artefacts that drive remediation and investment decisions. You will work directly with subsidiary security teams, internal stakeholders and third-party providers to translate regulatory requirements into pragmatic actions, track remediation progress, and present concise updates to Senior Management. This is a six-month engagement with possible extension.
Your Responsibilities
- Assess current cyber risk posture and produce a prioritized set of gaps tied to business impact and regulatory requirements.
- Develop a multi-year cybersecurity strategy and roadmap that maps controls to DORA, NIS2, ISO 27001 and NIST CSF, and defines measurable milestones.
- Advise subsidiary leadership on investment priorities and short-term tactical controls to reduce critical exposure, with clear cost/benefit rationale.
- Translate complex security requirements into implementable actions for cloud, identity and operations teams, ensuring ownership and measurable outcomes.
- Drive remediation through regular status follow-up, issue escalation and coordination between internal teams and external providers.
- Produce concise senior-management deliverables and a communication kit that supports decision-making and stakeholder alignment.
Your Profile
Essential Skills
- Proven senior experience designing and implementing enterprise security programmes in regulated environments.
- Deep knowledge of EU cyber regulation and standards, including DORA, NIS2, ISO 27001 and NIST CSF, with the ability to map regulations to controls.
- Practical expertise in cloud security for AWS and Azure architectures and in Identity & Access Management frameworks.
- Experience with SIEM/EDR deployment, threat intelligence integration, and vulnerability and patch management.
- Strong communication skills, able to produce executive summaries and present technical topics to C-level and technical teams.
- Self-starter, results-oriented and able to work across multiple departments and third parties.
Preferred Skills
- Relevant professional certifications such as CISSP, CISA, CRISC, CCSP, or cloud security specialties for Azure/AWS.
Languages
- French, CEFR C1
- Dutch, CEFR C1
- English, CEFR C1
Education
- Master's degree or equivalent professional experience