A major public transport operator providing essential national infrastructure is strengthening its cybersecurity governance. The organization is seeking a CISO Officer specialized in Third Party Risk Management (TPRM) to ensure that cybersecurity risks linked to suppliers, partners, and service providers are properly managed.
The role focuses on integrating cybersecurity requirements into procurement and tender processes while ensuring that security commitments with third parties remain compliant, traceable, and aligned with regulatory frameworks and internal standards throughout the entire supplier lifecycle.
Establish, maintain, and continuously improve the cybersecurity Third Party Risk Management framework in line with regulatory and industry standards.
Identify, analyze, and assess cybersecurity risks related to third parties using questionnaires, certifications, policies, audit reports, and architecture reviews.
Define and monitor risk mitigation measures, acceptance conditions, and action plans.
Integrate and review cybersecurity requirements within procurement processes (RFI, RFC, RFQ, RFP, and tenders).
Assess suppliers’ responses and proposals from a security, compliance, and risk perspective.
Contribute to drafting security-related documentation and highlight associated risks and commitments.
Provide reporting and visibility on third-party risks and reviewed procurement initiatives to the CISO and management.
Recommend improvements to strengthen the organization’s cybersecurity governance and supplier risk processes.
Maintain awareness of evolving cybersecurity threats, technologies, and regulatory developments.
Fluency in Dutch, French, and English (spoken and written). Native or C1 in Dutch or French, B2 minimum in the other national language, and C1 in English.
Master’s degree in IT, law, risk management, or information security, or a Bachelor’s degree with significant cybersecurity experience.
Minimum 5 years of experience in cybersecurity roles such as Third Party Risk Management, Security Assurance, GRC/compliance, audit, or security assessment.
Proven experience reviewing procurement or tender documentation (RFI, RFC, RFQ, RFP).
Availability to work on-site at least two days per week.
Strong knowledge of cybersecurity standards and frameworks such as ISO 27001 / 27002, NIS2, GDPR, CyFun, ISO 27036, ISA/IEC 62443.
Ability to evaluate technical solutions and architectures from a security perspective.
Experience analyzing supplier questionnaires and complex contractual or compliance documentation.
Excellent analytical and structured writing skills.
Ability to collaborate with multiple stakeholders including Procurement, Legal, IT, Business units, and the CISO office.
Strong risk-oriented mindset, critical thinking, and autonomy.
Strong prioritization skills and ability to handle complex topics.
Continuous participation in cybersecurity training, seminars, or professional development activities.
Interest in monitoring emerging technologies, threats, and regulatory changes relevant to cybersecurity governance.