This role focuses on strengthening information security and regulatory compliance across third-party relationships in a highly regulated environment. As a Third-Party Risk Manager, you take ownership of supplier security governance, ensuring that vendors, service providers, and partners comply with cybersecurity and supply-chain requirements under the NIS2 Directive.
You operate at the intersection of security, risk, procurement, and compliance, with end-to-end accountability for third-party risk management across the full vendor lifecycle.
Key Responsibilities
* Define, implement, and maintain third-party information security governance, including classification of suppliers by criticality and risk
* Ensure full alignment of third-party relationships with NIS2 requirements, including risk management, incident notification, and supply-chain security
* Conduct in-depth security due diligence and risk assessments for new and existing suppliers
* Maintain a third-party risk register, risk treatment plans, and risk scoring methodologies
* Manage the complete third-party risk lifecycle, from onboarding through contract termination
* Collaborate with procurement and security leadership to embed cybersecurity clauses, audit rights, SLAs, and incident obligations into contracts
* Monitor supplier security posture through KPIs, SLAs, audits, and remediation follow-up
* Coordinate security incident reporting and response with third parties in line with regulatory timelines
* Produce clear dashboards and reports for management, risk, and procurement stakeholders
* Engage internal and external stakeholders through reviews, awareness sessions, and training on supplier security obligations
What are we looking for?
* You have hands-on experience performing a Third-Party Risk Manager role with end-to-end responsibility
* You have 4+ years of experience in third-party risk management, information security, cybersecurity, or compliance
* You have practical experience implementing NIS2-aligned third-party risk controls in a regulated environment
* You have proven experience conducting and maintaining supplier security risk assessments and risk registers
* You have experience translating information security requirements into contractual clauses
* You have strong knowledge of supplier security under ISO/IEC 27001 and related controls
* You are fluent in English and have active knowledge of Dutch or French
Nice to Haves
* Experience in public-sector or governmental environments
* Experience with public tenders and procurement processes
* Familiarity with NIST, CIS Controls, CyberFundamentals, or similar frameworks
* Experience with GRC platforms, especially ServiceNow
* Knowledge of critical infrastructure protection or the EU Cyber Resilience Act
* Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer, or TPRM-specific certifications
What do we offer?
Location: Brussels
Working model: Hybrid
Contract type: Open to both permanent employees and freelancers
Start date: 9 February 2026
End date: Halloween