Business Analyst – Third-Party Software Security Governance – Brussels
A leading financial institution based in Brussels is looking for an experienced Business Analyst to help design and implement a new governance framework for managing the security of third-party software suppliers.
This multi-year programme will strengthen the organisation’s ability to control and monitor software security across both on-premises and SaaS applications, ensuring compliance with internal standards and the upcoming DORA (Digital Operational Resilience Act) regulation.
You’ll work closely with teams in IT, Risk, Security, and Supply Chain to define governance structures, document key processes, and coordinate the rollout of new reporting and monitoring capabilities across the organisation.
Role
* Design governance structures (RACI, committees, target operating model) for managing supplier-related security activities
* Define and document end-to-end processes for assessing and tracking software supplier security
* Contribute to the design of the data model and reporting framework supporting supplier and vulnerability management
* Review incident and alert handling processes involving third-party software or cloud providers
* Define controls, monitoring procedures, and response plans aligned with DORA and security best practices
* Coordinate with stakeholders across multiple departments to align priorities and ensure consistent process adoption
* Balance operational practicality with effective risk management
Requirements
* Proven experience in process design and documentation (BPMN or similar methodologies)
* Strong knowledge of IT governance frameworks (e.g. ITIL, COBIT) and security governance concepts (e.g. CISM)
* Experience designing target operating models and governance structures in large organisations
* Strong coordination and communication skills, with the ability to engage stakeholders from multiple domains
* Background in IT risk, supplier governance, or security transformation projects is a strong plus
Additional Details
START DATE: Q4 2025
DURATION: Long-term assignment (design + deployment through 2026)
CONTRACT: Freelance
LOCATION: Brussels
ONSITE POLICY: Hybrid – 8 days per month onsite
HOURS PER WEEK: Full-time
LANGUAGES: English (French/Dutch a plus)
INTERVIEW PROCESS: 2 stages