The Situation
A Dutch fintech scale-up with 200 employees faced a DORA compliance deadline. The problem: zero GRC capacity in-house. No framework, no policies, no dedicated team. Series B investors required compliance as a condition for the next funding round.
Phase 1: The Interim GRC Lead (Month 1-2)
MVPeople placed an experienced interim GRC Lead within 8 days. This professional immediately executed a gap analysis, drew up a roadmap and defined the required team composition. In parallel we started recruiting the permanent team.
Phase 2: Team Building (Month 2-4)
We placed three permanent team members: a GRC Specialist, a Risk Analyst and a Compliance Officer. Each selected on both technical expertise and cultural fit with the scale-up mentality. The interim GRC Lead coached the team and transferred knowledge.
Phase 3: Framework & Audit (Month 4-6)
The team implemented a DORA-compliant governance framework, including incident response procedures, ICT risk management and third-party oversight. The first audit was passed successfully.
Result
Series B successfully closed. GRC team of 4 FTE operational. DORA compliance achieved. The interim GRC Lead completed his assignment in month 5 and handed over to the permanent GRC Manager. Total lead time: 5 months from zero to fully operational.