A major organisation is implementing the European NIS2 directive to consolidate its cybersecurity posture and regulatory compliance. This interim CISO role exists to lead the NIS2 implementation and set up security governance, combining board reporting and cyber risk management with hands-on delivery of technical and organisational controls.
The mission
The immediate project is a full NIS2 implementation across IT and OT domains, including a formal gap analysis, an actionable roadmap, and the establishment of a security governance framework aligned with NIS2 requirements. The programme covers policy development, incident response, supply chain security and technical controls, and will affect multiple business units and third-party suppliers.
In day-to-day terms you will own the implementation lifecycle from gap analysis through to knowledge transfer and steady-state governance. You will work with a cross-functional team of 8–12 people, coordinate with IT, legal and compliance, report to executive leadership and the board, and ensure deliverables meet audit and regulator expectations within defined timelines.
Your responsibilities
- Lead the NIS2 gap analysis and deliver a clear, prioritised roadmap that maps controls to regulatory requirements and business impact.
- Establish and operationalise a security governance framework that enables repeatable board reporting and audit evidence.
- Advise executive leadership and the board on cyber risk, presenting measurable risk posture and recommended mitigations.
- Implement technical and organisational controls required for NIS2 compliance, including incident response, supplier risk measures and evidence collection.
- Drive policy development and documentation, translating regulatory requirements into actionable procedures and role responsibilities.
- Transfer knowledge to internal teams, build capability and set up ongoing reporting and assurance processes.
Your profile
Essential skills
- Minimum 8–10 years in information security management with 3–5 years at CISO or equivalent leadership level.
- Proven experience with NIS2 implementation or similar frameworks such as ISO 27001 or SOC 2.
- Strong capability in cyber risk management and board reporting, converting technical risk into executive-level decisions.
- Hands-on experience designing and implementing security governance frameworks and security architecture.
- Demonstrable stakeholder management with executives, legal, compliance and operational teams.
- Experience developing security policies, incident response processes and supplier security measures.
- Relevant certification such as CISM, CISSP or ISO 27001 Lead Implementer.
Education
- Degree in computer science, information security or equivalent professional experience.