Title: Third-Party Risk Manager (TPRM) – Information Security & NIS2 Compliance

We are seeking an experienced Third-Party Risk Manager (TPRM) to join a leading organization in the public/regulated sector. This role focuses on managing, overseeing, and mitigating information security risks associated with third-party vendors, suppliers, service providers, and contractors in alignment with the NIS2 Directive.

Note: We are only looking for candidates who have actively performed in this role within the past 5 years.

Role Overview

The TPRM will operate within Procurement, building strong relationships with third parties and internal stakeholders, facilitating risk assessments, and ensuring that all external partners meet the organization's security standards. You will play a pivotal role in safeguarding business operations from information security threats while ensuring compliance with regulatory obligations.

Key Responsibilities

Third-Party Supplier Security Governance:
- Define and implement governance and processes for third-party information security.
- Evaluate, classify, and monitor vendors based on criticality and risk.
- Support development and maintenance of supplier security policies and procedures.

NIS2 Compliance:
- Ensure all third-party relationships comply with NIS2 cybersecurity requirements, including risk management, incident reporting, and supply chain security.

Third-Party Risk Assessment & Management:
- Conduct due diligence and risk assessments for vendors against NIS2 requirements.
- Maintain a risk register and treatment plans.
- Develop risk scoring methodologies, monitor performance metrics, and manage the full vendor risk lifecycle.

Contract & Procurement Support:
- Collaborate with Procurement and Security teams to include cybersecurity clauses in contracts.
- Review and approve security and privacy terms in agreements.
- Support contract negotiations and manage SLAs and penalties related to security.

Supply Chain Security:
- Monitor and mitigate supply chain risks.
- Ensure vendors implement adequate technical and organizational measures.

Monitoring & Reporting:
- Oversee continuous monitoring, audits, and remediation follow-ups.
- Maintain dashboards and provide regular management reports on risk posture and compliance.

Incident Management & Notification:
- Ensure timely reporting and management of third-party security incidents in line with NIS2 timelines.

Stakeholder Engagement & Training:
- Collaborate with ICT, Risk, Procurement, and external partners to promote NIS2 best practices.
- Develop and deliver awareness programs for third parties on regulatory obligations and security policies.

Qualifications & Experience

- Minimum 4 years in third-party risk management or cybersecurity/compliance, ideally in a regulated or governmental environment.
- Experience with ISO/IEC 27001 supplier security clauses and other frameworks (NIST, CIS Controls).
- Familiarity with the NIS2 Directive, supply chain security, and vendor risk assessments.
- Experience in contract negotiation and incorporating security clauses.
- Certifications such as CISM, CISSP, CRISC, ISO 27001 Lead Implementer, or TPRM certifications preferred.
- Knowledge of public tenders and critical infrastructure protection is advantageous.
- Familiarity with GRC platforms, particularly ServiceNow, is a plus.
- Excellent communication, negotiation, and stakeholder management skills.

Key Competencies

- Strong understanding of regulatory compliance, especially NIS2.
- Advanced analytical and risk assessment skills.
- Ability to translate security requirements into contracts.
- Proactive, detail-oriented, and committed to continuous improvement.

Requirements

- Expertise in Information Security Management and Risk Management.
- Language: Dutch or French.
- Proven track record performing in this role in the past 5 years.

Contract Details

Initial contract: 3 months, renewable on a rolling basis up to 1 year.