Third Party Risk Manager

Brussel | Freelance | Payroll (consultancy) | # INW24316

Function

We’re looking for an experienced Third-Party Risk Manager to join our client’s security and risk team. This role is critical in setting up, managing, and continuously improving third-party information security risk management in line with the NIS2 Directive. You will work hands-on with vendors, suppliers, and internal stakeholders to ensure external partners meet strict security, compliance, and resilience requirements. This position is intended for professionals who have already performed this role in practice and are comfortable operating in regulated, high-impact environments.

Role & responsibilities
You will own the full lifecycle of third-party security risk management and act as a key point of contact between suppliers and internal teams:

  • Define, build, and maintain governance, processes, and frameworks for third-party information security risk management

  • Classify and assess third parties based on criticality and risk to essential services

  • Ensure third-party compliance with NIS2 requirements, including risk management, supply chain security, and incident notification

  • Conduct security due diligence and risk assessments for new and existing vendors, maintaining risk registers, scoring models, and treatment plans

  • Develop and monitor KPIs, SLAs, dashboards, and reporting on third-party risk posture and remediation progress

  • Coordinate incident reporting and response with third parties in line with NIS2 timelines

  • Collaborate with Procurement and the CISO to embed cybersecurity, privacy, audit rights, and incident clauses into contracts, and support negotiations on security terms

  • Develop supply chain security processes, including continuous monitoring of vendor dependencies

  • Facilitate regular security reviews with critical suppliers and promote awareness of security and NIS2 obligations

The ideal candidate
Our client is seeking a seasoned professional with proven experience in third-party risk and regulatory compliance:

  • Bachelor’s or Master’s degree in Information Security, Risk Management, Law, or a related field

  • Minimum 4 years of hands-on experience in third-party risk management, cybersecurity, or compliance, ideally in a regulated or public-sector environment

  • Practical, in-depth knowledge of the NIS2 Directive and its application to essential entities

  • Strong experience with supplier risk assessments, supply chain security, and contract security reviews

  • Familiarity with ISO/IEC 27001 supplier relationship controls; knowledge of NIST, CIS Controls, or similar frameworks is a plus

  • Experience with public procurement or tenders is a strong advantage

  • Exposure to critical infrastructure protection, EU cyber regulations, or the Cyber Resilience Act is a plus

  • Experience with GRC platforms, preferably ServiceNow, is an asset

  • Relevant certifications such as CISM, CISSP, CRISC, ISO 27001 Lead Implementer, or TPRM certifications are advantageous

Key competencies & mindset
You bring a strong regulatory mindset combined with a pragmatic, collaborative approach. You are analytically strong, comfortable translating security requirements into contractual obligations, and confident engaging with both technical and non-technical stakeholders. You are proactive, detail-oriented, and driven to continuously improve third-party risk management practices while strengthening the overall cyber resilience of our client’s ecosystem.
