Posted Apr 13, 2026

Cybersecurity Governance Consulting Lead

**Job Title: Cybersecurity Governance Consulting Lead**
Duration: 12 Months (Extension Possible + Long-Term Ad Hoc Support)
**Start Date: ASAP**
**Location: Remote** (Occasional Expensed Travel)
**Note: Must be comfortable supporting EU time zones**

**Position Overview**

We are seeking a senior-level **NIS2 & Cybersecurity Governance Consulting Lead** to drive an enterprise-wide cybersecurity remediation initiative. This individual will operate as a Lead/Co-Lead alongside a delivery lead and serve as the primary subject matter expert for cybersecurity governance, regulatory compliance, and enterprise risk management.

This role requires a strong balance of technical/architectural cybersecurity expertise and governance/strategy leadership to effectively design, implement, and remediate enterprise security programs. The engagement will be closely monitored and requires prior experience leading cybersecurity remediation initiatives.

**Key Responsibilities:**

**Strategic & Technical Leadership**

- Serve as SME for NIS2 and enterprise cybersecurity governance programs
- Lead development and execution of cybersecurity compliance initiatives
- Provide regulatory interpretation and implementation guidance
- Ensure alignment with NIS2, NIST CSF, ISO/IEC 27001/27002, and ISO 27005

**Enterprise Risk & Assessments**

- Lead enterprise asset, control, and risk assessments
- Apply risk-based methodologies aligned to ISO 27005
- Validate maturity models and gap assessments
- Develop prioritized remediation roadmaps

**Governance & Framework Development**

- Design and maintain integrated cybersecurity governance frameworks
- Define roles, RACI structures, and escalation models
- Develop cybersecurity policies, standards, and procedures
- Align controls to regulatory and industry frameworks

**Incident Response & Resilience**

- Provide leadership in incident response and regulatory reporting
- Develop playbooks and facilitate tabletop exercises
- Conduct post-incident defensibility reviews
- Support cyber resilience and business continuity programs

**Third-Party & Supply Chain Risk**

- Lead vendor cybersecurity risk programs
- Oversee third-party assessments and monitoring strategies
- Integrate supplier risk into enterprise governance

**Audit & Regulatory Engagement**

- Lead audit readiness and mock inspection activities
- Support regulatory inquiries and responses
- Ensure evidence traceability and regulatory defensibility
- Serve as senior advisor during audits

**Executive Advisory & Stakeholder Engagement**

- Act as trusted advisor to executives and IT leadership
- Deliver executive-level briefings and governance updates
- Facilitate workshops and governance forums
- Support organizational change and adoption initiatives

**Delivery Oversight & Mentorship**

- Review and approve critical deliverables
- Mentor consulting team members
- Contribute to methodology development
- Ensure consistency and quality across engagements

**Required Qualifications**

- Bachelor’s degree in Information Security, Computer Science, Engineering, Risk Management, or related field (Master’s preferred)
- 10+ years of experience in cybersecurity, IT risk, compliance, or governance
- Proven experience leading enterprise security or regulatory transformation programs
- Deep expertise in NIS2, NIST CSF, ISO/IEC 27001/27002, ISO 27005
- Experience in regulated industries (life sciences, healthcare, manufacturing, finance preferred)
- Strong knowledge of enterprise IT environments (cloud, identity, infrastructure)
- Prior cybersecurity remediation leadership experience required

**Preferred Certifications**

- **CISSP**
- **CISM**
- **CRISC**
- **ISO 27001 Lead Implementer or Lead Auditor**
- **CISA (Preferred)**

**Core Competencies**

- Regulatory interpretation and application
- Risk-based decision making
- Governance design and implementation
- Executive communication and stakeholder management
- Audit defensibility and compliance readiness
- Strong analytical and documentation capabilities