Mission.
The mission consists of strengthening IT and Cyber third-party risk management practices by structuring risk assessment processes, improving visibility on risk exposure, and enhancing control over third-party activities.
The role focuses on identifying, assessing, and mitigating operational IT and Cyber risks across applications, projects, and external partners, while ensuring alignment with Information Security policies and regulatory frameworks.
Beyond risk assessment, the objective is to improve consistency, governance, and monitoring of third-party risk activities, enabling better decision-making and optimized risk reduction at controlled cost.
The goal is to enable the organization to enhance its overall risk posture, ensure compliance, and strengthen control over third-party IT and security risks within a complex operational environment.
Key Responsibilities
1. IT & Cyber Risk Assessment and Management
2. Third-Party Risk Oversight
3. Risk Governance and Reporting
4. Process Structuring and Improvement
5. Advisory and Stakeholder Support
Required profile.
6. IT Risk and Security Risk Management (Expert, current experience)
7. Third-Party Risk Assessments and Audits (Advanced, current experience)
8. IT Control Frameworks and Audit Methodologies (Advanced, current experience)
9. Risk Governance, Reporting, and Monitoring (Advanced, current experience)
10. Process Design and Improvement (Advanced, 1–3 years experience)
11. IT Security Frameworks (ISO27001, NIST, SOC, OWASP, etc.) (Advanced, current experience)
12. Data Protection, Access Management, and Business Continuity (Preferred)Experience in large organizations / Financial Services (Preferred)
Experience
13. At least 3+ years of experience in IT Risk Management
14. Proven experience in operational and security risk management
Technical Expertise
Mandatory
15. Strong background in IT and Information Security
16. Knowledge of control frameworks and audit methodologies
Preferred
17. Experience in third-party IT and security assessments
18. Experience in process improvement and governance structuring
19. Security certifications such as CISSP, CISM, CIPP, CCSK
Business Knowledge
Mandatory
20. Strong understanding of Information Security and Risk Management frameworks
21. Solid IT background
Education & Certifications
22. Bachelor’s or Master’s degree (or equivalent experience)
23. Security certifications (CISSP, CISM, CIPP, CCSK) are considered a strong asset
Languages
24. French – Fluent (or Dutch)
25. Dutch – Fluent (or French)
26. English – Good professional proficiency