Programme Manager Cybersecurity Strategy
Lead the execution of critical cybersecurity resilience programmes at a vital energy infrastructure organisation. Shape digital systems security and integrated protection across two strategic themes.

The regulatory landscape for cybersecurity is changing profoundly. NIS2, DORA, ISO 27001 and tightened GDPR enforcement present organisations with complex compliance challenges. MVPeople Group delivers the GRC specialists who bring structure to your governance, risk management and compliance. Through MVProjects we also support complete compliance projects.
The European Union has introduced an ambitious package of cybersecurity and digital resilience legislation in recent years. NIS2 extends the scope of mandatory cybersecurity measures to a much larger number of organisations and sectors. DORA sets far-reaching requirements for the digital operational resilience of financial institutions.
For Dutch organisations this means that compliance is no longer a paper exercise but a strategic investment in digital resilience. Board members become personally liable for non-compliance with NIS2. The fines are substantial and supervisory authorities are becoming more active.
At the same time, market pressure is increasing. Clients, suppliers and partners demand ISO 27001 certification, SOC 2 Type II reports or demonstrable NIS2 compliance as a condition for collaboration. Organisations that do not meet these requirements lose business opportunities.
MVPeople Group closely follows these developments and has a network of GRC professionals who not only know the new regulations but also know how to implement them in the daily practice of organisations.
The Network and Information Security Directive 2 sets stricter cybersecurity requirements for essential and important entities. Organisations must implement risk management measures, report incidents and ensure board-level accountability. Fines can reach up to 10 million euros or 2% of global annual turnover.
The Digital Operational Resilience Act is specifically aimed at the financial sector and sets requirements for ICT risk management, incident reporting, digital resilience testing and management of ICT third-party providers. From 2025, financial institutions must be fully DORA-compliant.
The international standard for information security provides a systematic framework for establishing, implementing and continuously improving an Information Security Management System (ISMS). ISO 27001 certification is a requirement from clients and partners for many organisations.
Service Organisation Controls reports demonstrate that an organisation has adequate internal controls in place. SOC 2 Type II and ISAE 3402 are particularly relevant for service providers that process client data.
From strategic compliance officers to operational audit specialists: we cover the full GRC spectrum.
Monitors adherence to laws and regulations and advises management on compliance risks.
Identifies, assesses and mitigates risks in the areas of information security and business continuity.
Leads internal and external audits, guides certification programmes and advises on ISMS improvement.
Guides organisations through the implementation of NIS2 requirements and board-level accountability.
Implements DORA requirements for financial institutions: ICT risk management, incident reporting and resilience testing.
Conducts independent audits to assess the effectiveness of internal controls.
GRC stands for Governance, Risk & Compliance. It is an integrated approach through which organisations structure and safeguard their governance framework (governance), risk management (risk) and adherence to laws and regulations (compliance). Without effective GRC management, an organisation risks fines, reputational damage and operational disruptions. With the introduction of NIS2, DORA and increased enforcement, GRC is not a luxury but a necessity.
NIS2 is the successor to the first EU Network and Information Security Directive and significantly broadens its scope. The directive applies to essential entities (energy, transport, health, water, digital infrastructure) and important entities (postal services, waste management, food, chemicals, manufacturing, digital services). Organisations with more than 50 employees or a turnover exceeding 10 million euros in these sectors fall under NIS2.
DORA is a sector-specific regulation for the financial sector that applies as lex specialis in relation to NIS2. Financial institutions falling under DORA do not need to comply separately with NIS2 for overlapping areas. However, DORA sets additional requirements regarding digital resilience testing and management of ICT third-party providers that go beyond NIS2.
We deliver the full spectrum of GRC professionals: compliance officers, risk managers, ISO 27001 lead auditors, NIS2 implementation consultants, DORA specialists, ISMS managers and internal auditors. Both for interim assignments via MVPeople and for permanent positions via MVPermanent. Through MVProjects we deliver complete project teams for compliance implementations.
We typically present suitable GRC profiles within 5 to 10 working days. Depending on the complexity of the assignment and any screening requirements, a consultant can start within 1 to 3 weeks. For urgent compliance deadlines such as NIS2 implementations we deploy additional capacity.
Rates vary based on seniority, specialisation and type of regulation. A mid-level compliance consultant has a different rate than a senior ISO 27001 lead auditor or a specialised DORA consultant. Contact us for a no-obligation indication based on your specific compliance requirements.
Through our MVProjects service line we deliver complete project teams for ISO 27001 implementations and certification programmes. This includes ISMS consultants, lead auditors, risk assessment specialists and documentation experts. We guide the process from gap analysis to successful certification.
Transform security data into strategic insights. You design dashboards, track KPIs, and empower leadership with actionable compliance and risk intelligence.
Build governance frameworks that protect and enable your organisation. You translate compliance requirements into actionable security controls while partnering with business and IT teams.
Lead security strategy and governance across the organisation. You design policies, manage risk frameworks, and ensure compliance with evolving regulations. Shape the security culture while reporting to senior leadership.
Lead security strategy and governance for a growing organisation. You design policies, manage risk frameworks, and report to leadership on security posture and compliance.
Design and implement security strategies across complex enterprise environments. You advise leadership on cyber risk, lead security assessments, and drive organisational transformation.
From NIS2 implementation to ISO 27001 certification: we deliver the compliance professionals your organisation needs.