IS Security Supply Chain Expert

Function

We’re looking for a Supply Chain & Cybersecurity Expert to join our client’s IT Security team and strengthen the security posture across a complex and highly interconnected IT & OT environment. In this role, you will focus on securing relationships with suppliers, partners, and service providers throughout the full contractual and operational lifecycle. You will report to the IT Security Manager and contribute to the overall cybersecurity strategy of a large-scale organization.

Role & Responsibilities

As an IS Security Risk Expert, you will play a key role in managing third-party cyber risk and reinforcing supply chain security:

• Supply Chain Security Strategy
  • Define, implement, and maintain the cybersecurity strategy for supply chain (IT and non-IT)
  • Ensure alignment with enterprise IT security policies and risk frameworks
• Third-Party Risk Management (TPRM)
  • Identify, analyze, and assess cyber risks related to vendors, subcontractors, and partners
  • Implement and maintain structured TPRM processes and governance
  • Monitor risk indicators and define remediation actions where needed
• Compliance, Audit & Assessment
  • Conduct supplier security assessments, maturity evaluations, and compliance reviews
  • Ensure alignment with standards such as ISO 27001 and regulatory frameworks such as NIS2
  • Support audits and contribute to continuous improvement of security controls
• Contract & Stakeholder Collaboration
  • Contribute to the definition and evaluation of security clauses in supplier contracts
  • Work closely with Procurement, Legal, IT, Security, and business teams
  • Ensure cybersecurity requirements are embedded across sourcing and supplier management processes
• Monitoring & Risk Intelligence
  • Track and report key risk indicators related to third-party ecosystems
  • Maintain a continuous watch on emerging threats, regulations, and best practices
  • Propose proactive mitigation and improvement plans

Profile – The Ideal Candidate

• Strong background in cybersecurity risk management with a focus on third-party or supply chain security
• Solid experience with IT security governance, risk assessment, and compliance frameworks
• Expertise in Third Party Risk Management (TPRM) methodologies and implementation
• Good knowledge of ISO 27001 and regulatory requirements such as NIS2
• Experience conducting audits, maturity assessments, and security reviews
• Strong ability to collaborate with Procurement, Legal, IT, and business stakeholders
• Analytical mindset with the ability to translate risks into actionable mitigation plans