SECURITY & RISK MANAGEMENT
Your Managed Security & Risk Office
We manage the governance, risk, strategy & compliance side of security — so your organisation stays protected, compliant, and in control. One partner. Full program. Built around you.

Most organisations have security tools. What they lack is a security program.
You probably have a firewall, endpoint protection, maybe even a SOC provider. But who owns the overall program? Who manages the risk register, maintains your compliance posture, designs your security architecture, and reports to the board with clarity and confidence?
Building an internal team to handle governance, risk, compliance, and security strategy takes five to eight specialists and years of development. Hiring consultants for one-off projects gives you reports — but no one who stays to own the outcome. There's a better model.
THE MANAGED OFFICE
We manage the program. You keep the control.
CTRL Disrupt operates as your Managed Security & Risk Office — the strategic and governance layer that every organisation needs but few can fully staff. We own the program across five capabilities. We don't run your SOC or manage your endpoints — we make sure the right decisions are being made about how your organisation protects itself.
Governance
Decision-making and accountability as the foundation. Security governance connected to business objectives, board oversight, and a culture that follows it.
Architecture & Transformation
Design your security architecture across cloud, identity, data, and network — and orchestrate change securely through cloud migration and transformation.
Risk
Manage risks to fit your appetite. Systematic identification, assessment, and treatment — a living discipline, not an annual spreadsheet.
Compliance
Assure that things are done the proper way. ISO 27001, NIS2, BIO2.0, EU AI Act, and more — managed as one coherent program, including AI security and compliance.
Strategy
Prioritise resources to meet your objectives. Maturity assessments, roadmaps, and capability planning that align security with your ambitions.
Always Integrated
These capabilities never operate in isolation. Governance sets the foundation, Risk and Strategy decide where to focus, Architecture & Transformation puts it into structure, and Compliance assures it's done right.
From first conversation to full program ownership.
01 Foundation
We assess your current security and risk landscape across all five capabilities — governance, strategy, risk, architecture, and compliance. Clear picture, clear roadmap.
02 Build
We design and implement the program: governance frameworks, risk processes, compliance structures, policies, architecture blueprints, and strategic roadmaps. Tailored to your reality.
03 Manage
We operate as your ongoing security and risk office — maintaining compliance, managing risk, advising leadership, and evolving the program as your organisation and the landscape change.
We own the program. We orchestrate the rest.
Your security and risk program needs one accountable owner — that's us. The operational layer is delivered by specialised partners: we select them, direct them, and hold them accountable, so everything works as one system. And because we're independent of tooling and vendors, our direction is always in your interest.
What we own
Security governance & strategy
Risk management programs
Compliance (ISO 27001, NIS2, BIO2.0, EU AI Act)
Security architecture & transformation
AI security & compliance
Policy, awareness & culture
Vendor and partner oversight
What we orchestrate
Security Operations Center (SOC)
Managed detection & response (MDR)
Penetration testing
Endpoint or network monitoring
Security tooling & vendors
Delivered by specialised partners — selected, directed, and held accountable by us, as part of your managed office.
Built for organisations where security governance is becoming a board-level priority.
Growing Organisations
You've outgrown ad hoc security. You need real governance, risk management, and compliance — but hiring a full team of specialists isn't realistic yet.
Regulated Industries
NIS2, BIO2.0, EU AI Act — the obligations are expanding. You need a partner who understands these frameworks and builds them into a coherent program.
Government & Public Sector
You operate under strict standards and public scrutiny. You need a partner with the rigour and independence to manage your program to the required standard.
Organisations Adopting AI
You're deploying AI and need to understand the risks, the EU AI Act obligations, and the governance structures required to do it responsibly.
What makes us different
The program, not the tooling.
We manage governance, risk, strategy, architecture, and compliance — the layer that decides how your organisation protects itself. Operational security is delivered by specialised partners we help you select and oversee. That independence means our advice is always in your interest.
Integrated, not fragmented.
Our five capabilities connect into one coherent program. Governance sets the foundation, Risk and Strategy decide where to focus, Architecture & Transformation puts it into structure, and Compliance assures it's done right.
Managed, not project-based.
We don't deliver a report and move on. We embed, take ownership of the program, and stay for the long term. Your security posture improves continuously — not just once.
Framework-fluent, not framework-dependent.
We work across ISO 27001, NIST, NIS2, BIO2.0, EU AI Act, and more. But we never let a framework dictate the boundaries of what your organisation actually needs.
What our clients say
"I worked with Gijs directly during his time at LeasePlan and I was impressed by his depth of understanding in all three key areas of Risk, Information Security and Privacy. If there are few words to describe Gijs, you can use words like meticulous, precise, thorough, rigorous. Gijs was able to inspire me from his high ethical standards and his commitment to helping his customer, even going the extra mile. If it was an option in the future, I would be honoured to work with Gijs again."

Vasileios Giannakopoulos
Global Privacy and Information Security Officer
EMERGING EXPERTISE
AI is changing the risk landscape. We're already here.
AI creates new risk categories that traditional security programs weren't designed for: algorithmic bias, model security, data governance, and a rapidly evolving regulatory landscape. We bring AI governance and compliance into your managed office — so you can adopt AI with confidence.
EU AI Act Readiness
AI Risk Assessment
Responsible AI Governance
AI Policy & Classification
AI Supply Chain Risk
Let's talk about what your organisation needs.
Whether you need a full managed partnership or want to start with a focused assessment — we're here for the conversation. No pressure. Just clarity.
CTRL Disrupt
Your Managed Security & Risk Office.
Based in the Netherlands.
Marshalllaan 2
2625 GZ Delft
The Netherlands
© 2026 CTRL Disrupt Consulting B.V. · KvK 87198983 · All rights reserved.