Mission

To prepare the organization’s compliance with the NIS2 Directive, perform a comprehensive max 5-days gap assessment (referencing the Cyfun framework), that would result in concrete workforce planning and action plans, to complete all required documentation as well as to implement all required non-technical controls, to achieve NIS2 Basic certification by March/2026.

Key Responsibilities

Gap assessment

• Conduct a gap assessment of all required documentation, referencing the Cyfun framework, including but not per se limited to:
• Policies, but also
• Procedures, Processes, Registers, Evidences, Audit Readiness Checklist
• Conduct a gap assessment of all required non-technical processes/controls (i.e. for all domains except IT, that are involved to comply with NIS2) referencing the Cyfun framework, including, but not per se limited to:
• Executive Management involvement
• Human Resources: screening, onboarding, continuous awareness
• Supply Chain: due diligence, contractual clauses, supplier audits
• Culture & Awareness: internal campaigns
• Audit & Assurance: annual audit plan, corrective action register
• …

Reporting

• Map existing documentation, non-technical controls to Cyfun requirements; provide summary of assessment results
• Provide concrete workforce planning and action plans, to complete all required documentation as well as to implement all required non-technical controls, to achieve NIS2 Basic certification by March/2026.

Deliverables

• Comprehensive summary of aforementioned assessment results.
• Concrete workforce planning and action plans, to complete all required documentation as well as to implement all required non-technical controls, to achieve NIS2 Basic certification by March/2026.

Candidate Profile

Required Competencies & Experience

• Minimum 10 years of experience in cybersecurity audits, with a strong focus on governance and compliance, c.q. for non-technical domains (cfr above).
• Deep knowledge of relevant frameworks: Cyfun, ISO27001, NIST.
• Strong analytical skills for gap/maturity assessments and risk management.
• Excellent documentation and reporting abilities.

Certifications

• Recognized certifications in cybersecurity governance and audit are highly desirable.

Languages

• Fluency in French or Dutch required; English is a strong plus.

Personal Attributes

• Strong leadership and communication skills.
• Ability to work cross-functionally and engage with stakeholders at all levels.
• Proactive, detail-oriented.

Additional Context

This study is critical for ensuring the organization’s compliance with the NIS2 Directive, referencing the Cyfun framework, which mandates robust cybersecurity governance, risk management, and expertise. The role requires the ability to translate regulatory requirements into a pragmatic, actionable plan.