Expanding steadily since its launch in 2003, the ACENSI group is an IT consultancy firm known for its technical and functional know-how, specializing in Telecommunications, Media and Financial Markets as well as the Energy industry. ACENSI guides businesses through evolutionary IT projects from initial strategy to realization (Management and Project Management, Development, Design and Implementation, Infrastructure). From its original focus on technical engineering and Business Analysis, ACENSI has developed new areas of expertise in Human Resource Management Systems, Business Intelligence, e-learning and Client Relationship Management. Dynamism, enthusiasm and social development are all valued at ACENSI, allowing our clients to benefit from consultants with a true blend of talents.
ACENSI BELGIUM is looking for a Third-Party Risk Manager on behalf of its client.
Context
The client is looking for a Third-Party Risk Manager (TPRM) to establish and manage the information security risk framework for external vendors and suppliers, in alignment with the NIS2 Directive. The role sits within Procurement and requires close collaboration with the CISO, Risk, ICT and external partners to ensure that third parties comply with security standards and do not introduce unacceptable risk.
Objective
• Establish and manage a third-party security risk framework.
• Ensure NIS2 compliance across all vendor relationships.
• Strengthen supply chain security and business resilience.
Responsibilities
Third-Party Security Governance
• Define and implement governance, processes, and policies for third-party risk management.
• Classify vendors based on criticality and risk exposure.
• Support the development and maintenance of supplier security policies.
NIS2 Compliance
• Ensure all third-party relationships comply with NIS2 requirements:
o Risk management.
o Incident reporting.
o Supply chain security.
Risk Assessment & Lifecycle Management
• Conduct security due diligence and risk assessments for vendors.
• Maintain a risk register and remediation plans.
• Define risk scoring methodologies and vendor categorization.
• Manage the full vendor lifecycle (onboarding to termination).
• Monitor vendor security performance and KPIs.
Procurement & Contract Support
• Collaborate with Procurement and CISO on security clauses in contracts.
• Ensure inclusion of:
o Cybersecurity requirements.
o Incident notification obligations.
o Audit rights.
o Data protection and privacy clauses.
• Support contract negotiations and risk allocation.
• Manage security SLAs and penalties.
Supply Chain Security
• Identify and mitigate supply chain risks.
• Ensure vendors implement appropriate technical and organizational measures.
• Monitor dependencies and overall cyber resilience.
Monitoring & Reporting
• Define and maintain KPIs, dashboards, and reporting mechanisms.
• Conduct regular vendor reviews and audits.
• Report to Management, Risk Office, and Procurement on:
o Risk exposure.
o Compliance status.
o Remediation progress.
Incident Management
• Coordinate with vendors on incident reporting and response, aligned with NIS2 timelines (early warning within 24 hours of becoming aware of a significant incident, incident notification within 72 hours, final report within one month).
Stakeholder Management
• Act as a key interface between internal teams and external partners.
• Facilitate security reviews with critical suppliers.
• Promote awareness of third-party risk and NIS2 requirements.
Awareness & Training
• Develop and deliver training and awareness programs for third parties.
• Promote best practices in supply chain security.
Profile
Experience
• Minimum 4 years of experience in:
o Third-party risk management.
o Cybersecurity or compliance.
• Experience in regulated or public environments is a strong advantage.
• Experience with vendor assessments and contract negotiations.
Knowledge & Standards
• Strong understanding of:
o NIS2 Directive.
o ISO/IEC 27001 (supplier security clauses).
• Knowledge of additional frameworks is a plus:
o NIST.
o CIS Controls.
o CyberFundamentals.
Technical & Functional Skills
• Third-party risk lifecycle management
• Risk assessment and scoring methodologies
• Supply chain security
• Contractual security requirements
• Familiarity with GRC tools (e.g., ServiceNow) is an asset
Certifications (nice to have)
• CISM, CISSP, CRISC.
• ISO 27001 Lead Implementer.
• TPRM-related certifications.
Soft Skills
• Strong analytical and risk assessment skills.
• Excellent communication and negotiation abilities.
• Ability to influence stakeholders.
• Detail-oriented and proactive.
• Strong collaboration mindset.
Languages
• Dutch or French: Active knowledge.
• English: Nice to have.