A public-sector organisation is implementing the European Union NIS2 directive and needs a senior coordinator to lead the transition to compliance. The role focuses on translating an Information Security Management System (ISMS) into operational policies and technical and organisational measures, working closely with suppliers and internal stakeholders, with strong expertise in NIS2 and information security.
The mission
The organisation is updating its security and compliance baseline to meet NIS2 requirements across multiple business units and third-party providers. The technical landscape includes an existing ISMS, cloud-hosted services, and on-premise enterprise systems; the work matters because NIS2 will change reporting, incident handling, and supervisory obligations for the organisation within the European Union.
You will lead the coordination of that programme, steering policy definition, control selection, and implementation plans. Day to day you will run stakeholder management and project governance, track remediation activities, prepare evidence for audits and inspections, and report progress to senior management and regulators. You will operate at a senior level with direct responsibility for aligning technical teams, suppliers and legal/compliance colleagues to delivery timelines.
Your responsibilities
- Lead the definition and rollout of information security policies and controls required for NIS2 compliance, ensuring alignment with the ISMS
- Coordinate suppliers, internal IT teams and business owners to translate controls into implemented technical and organisational measures
- Manage project governance, schedules and reporting using Agile or Prince2 approaches to ensure deliverables meet agreed timelines
- Prepare and support the organisation for audits, inspections and supervisory engagements by producing evidence packs and briefing stakeholders
- Monitor and report programme progress and risk to senior stakeholders, recommending mitigations where delivery or compliance gaps appear
- Advise on pragmatic security controls that balance cyber risk with operational requirements and oversee their adoption across enterprise systems
Your profile
Essential skills
- Minimum 10 years' experience in complex enterprise IT environments, with at least 5 years focused on information security in operational or organisational contexts
- Proven experience implementing and rolling out an Information Security Management System (ISMS) and related control frameworks
- Direct experience with NIS2, Cyber Fundamentals and practical application of security controls across technical and organisational domains
- Strong project and stakeholder management skills, comfortable using Agile and Prince2 practices for governance and delivery
- Track record preparing organisations for audits, inspections or supervisory processes and producing compliance evidence
- Excellent communicator able to translate security risk into business-relevant recommendations and gain buy-in from diverse stakeholders
- Experience in the public sector or social security organisations is a strong advantage