-
View all jobs
Secure what matters. Build what lasts.
Were growing Nimber Cyber Defend and looking for a senior security leader who blends governance & regulation with real-world engineering. If you can translate risk into board decisions, stand up pragmatic controls, and guide regulated clients through NIS2/DORA/ISO 27001 without the theaterlets talk.
What Youll Do
Were growing Nimber Cyber Defend and looking for a senior security leader who blends governance & regulation with real-world engineering. If you can translate risk into board decisions, stand up pragmatic controls, and guide regulated clients through NIS2/DORA/ISO 27001 without the theaterlets talk.
What Youll Do
- Own the security program for a portfolio of clients (regulated sectors): strategy, policies, control framework, KPIs/KRIs, and board reporting.
- Lead NIS2/DORA readiness: gap assessments, remediation roadmap, third-party risk, operational resilience, and evidence packs.
- Build/maintain ISO/IEC 27001: SoA, risk treatment plans, internal audits, certification readiness.
- Drive privacy-by-design with Legal/Data (GDPR, DPIAs) across cloud & data products.
- Establish cloud & identity guardrails (M365/Azure/AWS, Entra/Okta), baseline hardening, vulnerability and patch governance.
- Oversee SIEM/SOAR & EDR operations (e.g., Microsoft Sentinel/Splunk; Defender/CrowdStrike).
- Run IR governance (playbooks, tabletop exercises), improve MTTD/MTTR, and measure what matters.
- Mentor a compact team; coordinate partners for red teaming, DFIR, and audits.
- 8+ years in Information Security with 3+ leading GRC / Security Programs (CISO, vCISO, Head of GRC, or similar).
- Track record delivering NIS2/DORA or ISO 27001 in production environments.
- One or more: C|CISO, CISSP, CISM, ISO 27001 LA/LI, CCSP, AZ-500/SC-200 (or equivalent).
- Comfortable with Azure/M365 security, Entra/Okta, Sentinel/Splunk, EDR ecosystems.
- Strong executive communication: you brief boards, align budgets, and land change.
- Fluent English; Portuguese is a plus. Based in Lisbon/Porto with client-onsite availability when needed.
- Impact, not theater: boutique team, hands-on engineers, fast time-to-value.
- Greenfield & autonomy: help shape our Cyber Defend playbooks, tooling, and hiring.
- Growth & learning: budget for certs/conferences, peer coaching, and modern stacks.
- Hybrid by default (Lisbon/Porto), flexible schedule, trust-first culture.
- 30 days: baseline risk & NIS2 Quick Scan, policy gap list, KPI/KRI pack.
- 60 days: board-ready roadmap, supplier risk method, M365/Identity hardening plan.
- 90 days: controls in production (top risks remediated), SIEM monitoring live, 1st tabletop done.
Key Skills
Ranked by relevance
cloud
cissp
gdpr
cism
ccsp
siem
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
Penetration Tester (Red Team)
2026-01-30
Full-time
Not Applicable
Portugal
IT Services
Information Technology
View Job Details
Related
Frontend Developer (React)
2026-02-20
Full-time
Mid-Senior
Portugal
IT Services
Engineering
View Job Details
Related
Fullstack Developer
2026-02-13
Full-time
Not Applicable
Portugal
IT Services
Engineering
Login to Apply
- Posted
- Nov 18, 2025
- Type
- Full-time
- Level
- Mid-Senior
- Location
- Porto
- Company
- Nimber
Industries
IT Services
IT Consulting
Categories
Information Technology
Related Jobs
3 roles aligned with this opportunity
View Job Details
Related
Penetration Tester (Red Team)
2026-01-30
Full-time
Not Applicable
Portugal
IT Services
Information Technology
View Job Details
Related
Frontend Developer (React)
2026-02-20
Full-time
Mid-Senior
Portugal
IT Services
Engineering
View Job Details
Related
Fullstack Developer
2026-02-13
Full-time
Not Applicable
Portugal
IT Services
Engineering