We are seeking an experienced NIS2 GRC Lead to drive regulatory readiness and uplift across a global organisation. This role will translate NIS2 requirements into a clear, practical compliance programme with demonstrable outcomes.
Key Responsibilities
* Consolidate existing assessments (NIS2, ISO 27001, risk, supplier, BC/DR) into a validated NIS2 compliance baseline.
* Confirm scope and entity classification (Essential/Important) and map critical services, systems and suppliers.
* Translate regulatory obligations into clear controls, evidence requirements and reporting expectations.
* Develop and deliver a prioritised compliance roadmap across governance, process, technology and third parties.
* Implement incident reporting processes (24h early warning, 72h notification, 1-month final report).
* Strengthen supplier risk management and contractual security requirements.
* Establish governance, KPIs, board reporting and audit readiness for regulator engagement.
Required Experience
* Proven delivery of NIS2, NIS, DORA, ISO 27001 or comparable regulatory compliance programmes.
* Strong ability to convert assessments into actionable remediation plans.
* Deep understanding of risk management, incident response, supplier risk and operational security controls.
* Confident working cross-functionally across Technology, Security, Legal, Procurement and Operations.
Deliverables
* Consolidated NIS2 compliance baseline
* Defined scope, classification and critical asset mapping
* Detailed compliance roadmap (priorities, timelines, RACI, budget)
* Incident reporting workflows and templates
* Enhanced supplier security framework
* Board-level dashboard and assurance plan