The European NIS2 Directive and the new Cyber Security Act will impose new obligations on companies. Some of them will have to appoint a Cyber Security Manager. Find out for whom the role will be compulsory and what the manager is supposed to do in the first place.
A Cyber Security Manager is a position responsible for managing cyber security in its entirety. They should lead the planning of projects and actions, coordinate specific activities, oversee budgets, and be responsible for the work of the cybersecurity team.
They also act as the communication link between IT professionals and management. If the company has obligations under the Cybersecurity Act, they oversee compliance.
Benefits of a Cyber Security Manager:
- Coordinates cybersecurity activities as a whole.
- Sees the topic in a comprehensive, broader perspective than individual IT specialists or management.
- Knows the latest trends, threats and methods of protection.
- Communicates cybersecurity topics across the company.
- If the law requires it, you have no choice.
The role is already mandatory for companies subject to the Cybersecurity Act. But with the new law, the number of such companies will increase dramatically, and you may have to get a manager, too.
Cyber Security Manager according to NIS2
The forthcoming Cybersecurity Act plans to make the role of Cyber Security Manager mandatory for companies under a stricter regime (essential). Read our previous article to find out which companies these are and how to check whether you happen to be one of them.
By the way, the Act also defines other so-called security roles, namely Cyber Security Architect, Asset Guarantor and Cyber Security Auditor.
The job description of the Cyber Security Manager is extensively set out in the implementing decree and its annex, which is now being drafted together with the Act.
Importantly, a person in this position must not simultaneously hold operational and other senior positions, whether in IT or in another area within the company. The law also specifies the training, knowledge and experience requirements for such a person, so you cannot formally appoint an assistant just because they can run a printer.
However, there is one big disadvantage to employing such a manager. An experienced professional will ask for a fat salary. What if you can’t afford it? Outsource the position.
Cyber Security Manager Outsourcing
Why is outsourcing this expert worth it?
- Solves high costs: with outsourcing, you do not feed the “whole employee”, but only pay the regular fees for the service, which is a completely different amount that your budget can more easily handle. This is similar to how companies hire a data protection officer under GDPR.
- Solves the requirements of NIS2 and the Cyber Security Act: if you have to appoint a Cyber Security Manager, don’t delay or you put yourself at risk of sanctions.
- Solves cyber security problems: you’ll get quality security in line with the latest trends. You will be looked after by a person who specialises in security. They won’t be distracted from the topic by setting up e-mails for new employees and dealing with malfunctioning laptops.
After all, such a comprehensive, umbrella role suits any medium or larger company that takes its cybersecurity seriously. No matter what the law says.
An external Cyber Security Manager will work with you on an agreed scope, e.g. one, two or three days a month, possibly partly at your company and partly remotely. The role is one of coordinating, advising and connecting. They should not take on specific operational tasks and thereby get in the way of your company's IT manager. Rather, the Cyber Security Manager will become their partner and complement them where their expertise or time capacity does not extend.
Do you need advice on the new obligations brought by NIS2 and the new Cyber Security Act? That’s what we’re here for! Give us a call, we’ll be happy to lend a hand.