A major public transport operator maintains a central security office to define and run its cybersecurity programme, and this role exists to drive regulatory compliance and policy across the organisation. You will work inside the Chief Security Officer team, leading the NIS2 compliance project and maintaining the information security policy, using ISO27001 and NIST principles to shape controls and risk treatment.
The mission
The organisation is implementing a formal information security governance layer to meet NIS2 requirements and gain an external certification at the ‘essential’ level. The technical landscape spans corporate IT and operational systems, with security controls implemented by the IT department and overseen by the CSO office. Your work influences cross-departmental processes and contributes to the organisation-wide security posture.
Day to day you will act as the Project Manager for NIS2 compliance, translate regulatory requirements into actionable plans, and run the delivery of those plans with the Information Security Manager and IT teams. You will keep the information security policy up to date, track remediation actions, prepare posture dashboards and present progress to senior stakeholders.
Your responsibilities
- Lead the NIS2 compliance programme, owning the project plan, milestones, and certification readiness checks
- Maintain and enforce the organisation's information security policy so it aligns with the defined risk appetite and applicable standards such as ISO27001
- Drive implementation and verification of cybersecurity measures across systems and networks in coordination with the IT department
- Coordinate stakeholders across operational and corporate teams to embed security requirements into existing processes
- Translate technical findings into clear risk statements and recommended actions for non-technical audiences and senior management
- Produce regular reports and dashboards on security posture, open risks, and status of remediation plans
Your profile
Essential skills
- Around 4 years of professional experience in cybersecurity, information security or an IT role with security responsibilities
- Practical understanding of ISO27001 and NIST security principles and how they map to organisational controls
- Experience in project management, tracking deliverables, and reporting to senior stakeholders
- Ability to assess information security risks and define prioritised action plans
- Strong written and verbal communication skills, able to simplify technical concepts for non-technical teams
Preferred skills
- Exposure to NIS2 requirements and certification processes
- Basic certification such as Security+ or ISO 27001 Foundation, completed or in progress
- Experience contributing to security awareness or training initiatives
Education
- Bachelor's or Master's degree in computer science, information security, or a related field