Position

Freelance Third-Party Risk Manager

Employer

Systems security and network provider


Duration

  • 01/10/2025 - 30/09/2026
  • 12 months (full time)

Location

  • 1000 Bruxelles (hybrid)

Job description

The Third-Party Risk Manager (TPRM) is responsible for overseeing, managing, and mitigating information security risks related to suppliers, service providers, and contractors, in alignment with the NIS2 directive. This role ensures that external partners comply with security standards and policies, meet NIS2 obligations, and do not introduce unacceptable risks to business operations. The manager builds and maintains strong relationships with third parties, facilitates risk assessments, and collaborates with internal stakeholders to strengthen the organization’s resilience against information security threats.

Required experience

  • Defining and establishing the governance and processes needed to manage information security risks related to third-party vendors. Evaluating and classifying third parties based on their criticality and the risk they pose to essential assets or services. Supporting the CISO and the procurement department in developing and maintaining security policies and procedures for vendor security, in designing secure system architectures, and in advising on the implementation and integration of security technologies across the enterprise.

  • Ensuring all third-party relationships are compliant with the cybersecurity requirements of the NIS2 directive, including risk management, incident reporting, and supply chain security.

  • Establishing risk scoring methodologies and criteria to categorize vendors, and conducting thorough due diligence and security risk assessments of current and potential third parties, with an emphasis on their ability to meet NIS2 standards.

  • Collaborating with Procurement and the CISO to ensure third-party contracts include robust cybersecurity clauses, clear incident reporting requirements, audit rights as mandated by NIS2, and data protection and privacy provisions.

  • Developing and maintaining processes to identify, monitor, and mitigate supply chain cyber resilience risks, and ensuring vendors implement appropriate technical and organizational measures. This includes continuous monitoring of vendor dependencies.

  • Overseeing ongoing monitoring of third-party compliance, including KPIs, SLAs, regular assessments, audits, and follow-up of corrective actions, using risk dashboards and reporting mechanisms.

  • Coordinating with third parties to ensure timely reporting and effective management of security incidents or breach notifications, in accordance with NIS2 incident reporting timelines.

  • Maintaining regular contact with internal teams (ICT, Risk, Procurement) and external partners to foster a shared understanding of NIS2 requirements and third-party risk management best practices, and facilitating regular security review meetings with critical suppliers.

  • Overseeing the development and delivery of training and awareness programs for third parties regarding NIS2 obligations, supply chain security, and awareness of relevant information security policies.

  • Working with the ISO/IEC 27001 clauses that specifically address supplier relationship security.

Offer

The proposed collaboration is for 12 months. We will begin with a 3-month contract to assess the fit, after which it may be extended in increments of 3 to 6 months.
