Expert NIS2
Paradigm, identified as an essential service with regard to NIS2, must restart and structure its NIS2 compliance program.
The mission aims to establish an operational NIS2 program structure, support the resumption of program management, and provide support as well as knowledge transfer to the person who will assume the role of internal Programme Manager.
The consultant will mainly act as a NIS2 expert, supporting and assisting the internal Programme Manager. On a very provisional basis, and only during the start-up phase, the consultant may temporarily adopt the role of Programme Manager in order to set up the NIS2 program structure: governance, management rituals, prioritization, roadmap, and reporting. This intervention is intended to establish the program’s operating framework, without permanently replacing the internal function.
Justification:
The NIS2 program must be relaunched on clarified, prioritized, and demonstrable bases in order to meet the expectations applicable to essential services and secure Paradigm’s compliance trajectory.
External support will help consolidate elements already available, structure governance, facilitate the prioritization of actions, identify quick wins, and strengthen the autonomy of the internal Programme Manager.
The proposed approach will be based on a risk-based logic and the definition of a “Minimum Viable Compliance” foundation, in order to focus efforts on the real risks impacting the organization’s essential activities.
Scope of the mission:
- Structured review of the existing NIS2 program, based on reports, self-assessments, gap analyses, produced documents, and action plans already available
- Clarification, at the start of the mission, of the intervention scope with the consultant, the sponsor, the CISO, and the GRC team, taking into account work already planned or completed
- Review of the business activity mapping, critical services, and internal and external dependencies, including suppliers, as well as their alignment with cyber risks
- Objective assessment of the program’s points of attention, identification of elements requiring clarification or consolidation, and highlighting of levers to facilitate further progress, prioritization, and management
- Identification of quick wins to rapidly reignite the compliance momentum
- Definition of a risk-based methodological approach to prioritize actions according to the real risks to essential activities
- Definition of a Minimum Viable Compliance approach, including a clarified scope, defined governance, mapping of critical activities, prioritized action plan, and the first associated evidence
- Support, assistance, and training for the internal Programme Manager to enable sustainable takeover of the NIS2 program
- Construction of a phased, graduated, and iterative roadmap covering immediate actions, priority remediations, industrialization of management, and continuous improvement
Objective:
Enable Paradigm to regain control of its NIS2 program, focus efforts on real priorities, and have a credible trajectory toward sustainable compliance.
- Rapidly relaunch the NIS2 compliance momentum
- Structure clear governance and management of the program
- Prioritize actions according to cyber risks and essential activities
- Define a minimal, realistic, and demonstrable compliance foundation
- Strengthen the autonomy of the internal Programme Manager through expert support and knowledge transfer
Expected deliverables:
As part of the expert NIS2 support mission for Paradigm, the consultant will produce the following deliverables:
Scoping and consolidation of the NIS2 program:
- Scoping note for the mission and confirmation of the scope with stakeholders. Definition of the project charter and program planning
- Structured synthesis of existing elements: reports, self-assessments, gap analyses, governance documents, action plans, and available evidence
- Matrix of points of attention, areas to clarify, dependencies, and decisions to be arbitrated
Mapping, criticality, and risk-based prioritization:
- Review of the relevance of the existing business mapping and its alignment with critical services
- Identification of significant internal and external dependencies, notably suppliers and support services
- Link between critical activities, cyber risks, NIS2 requirements, and remediation priorities
Risk-based methodological approach and Minimum Viable Compliance:
- Methodological approach for prioritization based on actual risks to essential activities
- Definition of the expected Minimum Viable Compliance foundation to ensure compliance is progressive, realistic, and demonstrable
- Identification of initial evidence to be created or consolidated
Improvement plan and roadmap:
- Prioritized improvement plan, distinguishing quick wins, immediate actions, priority remediations, and industrialization initiatives
- Phased, graduated, and iterative roadmap for managing the NIS2 program
- Governance recommendations, monitoring reports, indicators, and reporting mechanisms
Support for the internal Programme Manager:
- Support sessions, coaching, and knowledge transfer for the internal Programme Manager
- Preparation and facilitation of targeted workshops with relevant stakeholders
- Support for structuring decisions, arbitrations, and follow-ups needed to relaunch the program
Reporting and feedback:
- Periodic progress reports: status of actions, risks, pending decisions, and blocking points
- Feedback presentation to management, including program status, priorities, and proposed trajectory
- Capitalization of methodological resources useful for continuing the program after the mission
Expected profile:
The consultant must have proven experience in supporting major or essential entities regarding NIS2 and the CYFUN Framework, ideally in the public sector.
- Confirmed experience in cybersecurity governance, NIS2 compliance, risk management, and structuring compliance programs
- Knowledge of digital and public service environments
- Reference certifications expected: CISSP, CISM, and ISO 27001 Senior Lead Implementer, or demonstrable equivalents
- Ability to support an internal Programme Manager, train stakeholders, and produce executive deliverables usable by management
Mission terms:
- Role: NIS2 expert consultant in support and assistance of the internal Programme Manager, without taking on the role of interim Programme Manager
- Estimated duration: 50 days
- Indicative pace: 1 to 2 days per week, with the possibility to reinforce support at start-up or spread it over time according to program priorities
- Internal coordination: involvement of the internal Programme Manager from the outset, with initial availability expected at about one day per week and a planned ramp-up from September
- Intervention methods: document analysis, interviews, targeted workshops, and validation points with stakeholders, on-site and/or remote
- Desired start date: ASAP, subject to procurement validation and, if applicable, Board of Directors authorization
Additional information:
The mission may be extended for a maximum duration (including the initial duration) of: 880 working days.
This position was originally posted on Pro Unity.
It is publicly accessible, and we recommend applying directly through the Pro Unity website instead of going through third party recruiters.