Vivid Resourcing

NIS2 ISO27 GRC Consultant (Freelance)

Belgium · Contract · Mid-Senior

Freelance IT GRC Consultant – NIS2 & ISO27001 Implementation


Project Description

A leading organization in the critical infrastructure domain is undergoing a comprehensive IT Governance, Risk, and Compliance transformation, driven by upcoming NIS2 Directive requirements and the need for ISO27001 certification.


Day-to-Day Responsibilities

  • Lead the NIS2 readiness assessment, including gap analysis against current cybersecurity practices.
  • Drive the ISO27001 implementation roadmap, from scoping to internal audit readiness.
  • Define and implement Information Security Management Systems (ISMS) processes and documentation.
  • Collaborate with Security, Network, and Cloud teams to align technical controls with policy requirements.
  • Define and enforce GRC frameworks: policies, standards, procedures, and control matrices.
  • Prepare and deliver compliance documentation, awareness training, and stakeholder reports.
  • Liaise with internal audit, external consultants, and legal to ensure consistent interpretation of NIS2/ISO27001 obligations.
  • Contribute to the development of incident response plans and crisis management protocols.
  • Support the implementation of security monitoring, logging, and vulnerability management processes in alignment with compliance objectives.


Requirements

Experience:

  • Minimum 3 years in GRC, cybersecurity, or IT risk management roles.
  • Proven experience with ISO27001 implementations (preferably end-to-end).
  • Hands-on involvement in NIS (or NIS2) compliance projects is highly valued.
  • Experience working in complex IT infrastructure environments, including hybrid cloud, on-prem data centers, and telecoms.


Technical Knowledge:

  • Strong understanding of cybersecurity frameworks (e.g., ISO27001, NIST CSF, CIS Controls).
  • Familiarity with EU regulatory frameworks, especially NIS2, GDPR, and DORA (a plus).
  • Knowledge of SIEM, endpoint protection, identity & access management, and cloud security principles.
  • Understanding of network segmentation, patch management, encryption, and incident handling.


Bonuses:

  • Certifications such as ISO27001 Lead Implementer/Auditor, CISSP, CISM, or CRISC.
  • Familiarity with GRC tools (e.g., ServiceNow GRC, RSA Archer, OneTrust).
  • Fluency in Dutch.
  • Experience working in regulated sectors (utilities, telecom, finance, public services).

Key Skills

Ranked by relevance

cloud, cybersecurity, crisis management, patch management, GDPR, NIST, CIS
Posted: Jul 15, 2025
Type: Contract
Level: Mid-Senior
Location: Aalter

Industries

Information Services

Categories

Project Management, Information Technology
