We're growing Nimber Cyber Defend and looking for a senior security leader who blends governance and regulation with real-world engineering. If you can translate risk into board decisions, stand up pragmatic controls, and guide regulated clients through NIS2/DORA/ISO 27001 without the theater, let's talk.
What You'll Do
- Own the security program for a portfolio of clients (regulated sectors): strategy, policies, control framework, KPIs/KRIs, and board reporting.
- Lead NIS2/DORA readiness: gap assessments, remediation roadmap, third-party risk, operational resilience, and evidence packs.
- Build/maintain ISO/IEC 27001: SoA, risk treatment plans, internal audits, certification readiness.
- Drive privacy-by-design with Legal/Data (GDPR, DPIAs) across cloud & data products.
- Establish cloud & identity guardrails (M365/Azure/AWS, Entra/Okta), baseline hardening, vulnerability and patch governance.
- Oversee SIEM/SOAR & EDR operations (e.g., Microsoft Sentinel/Splunk; Defender/CrowdStrike).
- Run IR governance (playbooks, tabletop exercises), improve MTTD/MTTR, and measure what matters.
- Mentor a compact team; coordinate partners for red teaming, DFIR, and audits.
- 8+ years in Information Security with 3+ leading GRC / Security Programs (CISO, vCISO, Head of GRC, or similar).
- Track record delivering NIS2/DORA or ISO 27001 in production environments.
- One or more: C|CISO, CISSP, CISM, ISO 27001 LA/LI, CCSP, AZ-500/SC-200 (or equivalent).
- Comfortable with Azure/M365 security, Entra/Okta, Sentinel/Splunk, EDR ecosystems.
- Strong executive communication: you brief boards, align budgets, and land change.
- Fluent English; Portuguese is a plus. Based in Lisbon/Porto with client-onsite availability when needed.
- Impact, not theater: boutique team, hands-on engineers, fast time-to-value.
- Greenfield & autonomy: help shape our Cyber Defend playbooks, tooling, and hiring.
- Growth & learning: budget for certs/conferences, peer coaching, and modern stacks.
- Hybrid by default (Lisbon/Porto), flexible schedule, trust-first culture.
- 30 days: baseline risk & NIS2 Quick Scan, policy gap list, KPI/KRI pack.
- 60 days: board-ready roadmap, supplier risk method, M365/Identity hardening plan.
- 90 days: controls in production (top risks remediated), SIEM monitoring live, 1st tabletop done.