NIS2-ready in 6 months: complete security team for Tier-1 bank
About the organisation
Tier-1 bank with 17,000 employees, operating across 8 European countries. Regulated by DNB and ECB, with annual revenue exceeding 2 billion euros. The existing security team of 12 FTEs needed to be expanded to 20 FTEs to meet the NIS2 deadline.
The Challenge
The bank had until January 2026 to become fully NIS2-compliant, but was missing 8 crucial roles: a NIS2 programme manager, 2 GRC consultants with NIS2 experience, an incident response lead, 2 SOC analysts with DORA expertise, a security architect for network segmentation, and an OT security specialist for their payment infrastructure.
The internal recruitment team had found only 2 suitable candidates in 4 months. The combination of NIS2 knowledge, financial sector experience and required security clearances made the profile extremely scarce. Additionally, candidates had to be willing to work partly from the Amsterdam headquarters and partly from the operational centre in Eindhoven.
Our Solution
MVPeople Group deployed three service lines: MVPeople (interim) for the senior programme manager and incident response lead, MVProfessionals (secondment) for the 4 specialist roles with longer duration, and MVPrentice for 2 junior GRC analysts who could grow under the guidance of senior consultants.
Our NIS2 specialisation was decisive: we already had a shortlist of 14 pre-screened candidates with proven NIS2 implementation experience in the financial sector. Through our partnerships with ISACA NL and (ISC)2 Benelux, we could also reach passive candidates who were not actively on the market. Each candidate was pre-assessed on both technical NIS2 knowledge and cultural fit with the bank organisation.
Results
- All 8 positions filled within 6 weeks (vs. 4 months internally without result)
- NIS2 readiness assessment score from 34% to 91% in 5 months
- Security maturity increased from NIST CSF level 2 to level 4
- Zero critical findings in the DNB pre-audit
- 2 of the 8 professionals permanently hired after 12 months
“MVPeople understood exactly which profiles we needed. Where our own team searched for months without result, MVPeople presented eight qualified candidates within two weeks. The NIS2 knowledge they brought was unmatched.”
What the team says
“The pre-screening was excellent. Every candidate we spoke to had actual hands-on NIS2 implementation experience, not just theoretical knowledge. That saved us an enormous amount of time.”
“The MVPrentice concept was a smart addition. The two junior GRC analysts who joined through that programme are now permanent assets in our compliance team.”