Business Analyst – Third-Party Software Supply Chain Security
Hybrid – 8 days per month on-site in London, Brussels, Paris or Amsterdam
Initial 12-month contract (extendable)
We're looking for an experienced Business Analyst to join a major security initiative within the CISO division of a leading global financial market infrastructure provider.
This role is part of a multi-year programme focused on enhancing third-party software supply chain security, helping to design and deploy new governance, risk, and control processes around supplier-provided software and SaaS solutions.
What You'll Do
You'll play a key role in shaping and delivering a new framework that ensures third-party software suppliers meet the organisation's security expectations. Specifically, you will:
* Define and implement governance for supplier-related software security activities (RACI, Committees, etc.).
* Design and document new processes to assess, track, and manage supplier software security and associated vulnerabilities.
* Support the creation of data models and reporting mechanisms linking third parties, software, and cloud dependencies.
* Coordinate across multiple teams (Supply Chain, CISO, IT Risk, GTS) to align practices and cascade security strategy.
* Contribute to compliance with DORA and internal security governance frameworks.
* Help operationalise monitoring, response, and escalation processes for supplier incidents or vulnerabilities.
What We're Looking For
* Strong background in process design, governance frameworks, and documentation (BPMN or similar).
* Proven ability to design IT governance models (RACI, Target Operating Models, ITIL, COBIT, etc.).
* Excellent communication and coordination skills — able to work across business, IT, and security functions.
* Experience working in financial services or another regulated environment.
* Knowledge of security and risk frameworks (CISM, ISO 27001, NIST, etc.) is a plus.
* Previous experience with Euroclear or similar global financial institutions is advantageous.
Key Details
* Contract: 12 months (extendable)
* On-site requirement: 8 days per month (including 8–10 days per year in Brussels)
* Locations: Belgium, France, Netherlands, or the UK (UK candidates only via accredited umbrella companies)
If you have a strong mix of governance, process design, and cybersecurity understanding — and want to help build a security framework from the ground up — we'd love to hear from you.
Reach out to Luke Finn on +44 203 053 3723 / luke@next-ventures.con