Senior Security Officer - Brussels, Belgium - Sparagus

Sparagus
Brussels, Belgium

2 weeks ago

Posted by: Sophie Dubois, beBee Recruiter


Description

The main mission of the 'Third Party Management Analyst' is to ensure the identification of risks associated with the various third parties that have a relationship with the company in Belgium.


You will be responsible for evaluating the risk associated with these external entities, assessing their security controls, integrating action plans into their contracts, and following up on the implementation of effective measures to mitigate any potential vulnerabilities.

This role requires a strong understanding of information security, risk assessment, vendor management, and compliance frameworks.


She/he will work in close collaboration with the 'Business Security Domain Lead' and will be part of the company's Belgium insurance security department.

Technical context


Key Responsibilities and tasks:

  • Understanding of the Business Context: Participate in meetings with the Line of Business to identify the criticality of the related projects for the different security dimensions (CIA).
  • Definition of the Vendor Risk Assessment: Define the type of assessment based on the criticality of the project for the Line of Business.

Vendor Risk Assessment:
Conduct thorough evaluations of third-party vendors' security controls, practices, and policies to identify potential risks and vulnerabilities.

Compliance Management:
Ensure that third-party vendors comply with relevant industry standards, regulations, and contractual obligations. Monitor and report on their adherence to security requirements.

Security Controls Evaluation:

Evaluate the effectiveness of third-party vendors' security controls and make recommendations for improvements or enhancements to align with best practices.


Contract Management:

Update contracts with our third parties to integrate potential remediation planning if the third party does not fulfill our Security Requirements.


Due Diligence:

Conduct comprehensive due diligence assessments of potential third-party vendors, including security assessments, background checks, and evaluation of their security incident response capabilities.


Relationship Management:

Develop and maintain strong working relationships with third-party vendors, establishing clear lines of communication and fostering a collaborative approach to security management.


Incident Response:
Collaborate with third-party vendors to ensure effective incident response plans are in place. Provide guidance and support in the event of security incidents or breaches involving the vendors.

Documentation and Reporting:
Maintain accurate and up-to-date records of vendor assessments, risk profiles, compliance status, and related documentation. Generate regular reports for management highlighting key findings, recommendations, and risk mitigation strategies.

Vendor Performance Monitoring:

Continuously monitor the performance of third-party vendors, identifying any changes in their security posture, and taking appropriate action as necessary.


Security Awareness:
Provide education and guidance to third-party vendors on security best practices, policies, and procedures.

Industry Knowledge:

Stay up to date with the latest trends, threats, and developments in the field of information security and vendor management, ensuring the organization remains informed about emerging risks.

Business context


Qualifications and Skills:

Mandatory Requirements:

  • Bachelor's degree in a relevant field such as Computer Science, Information Systems, or a related discipline.
  • Minimum 5 years of security experience
  • Minimum 3 years of relevant experience in third party management in line with the key responsibilities and tasks mentioned above
  • Strong knowledge of information security principles, standards, frameworks, and best practices (e.g., ISO 27001, NIST Cybersecurity Framework, etc.).
  • Experience in conducting vendor risk assessments, evaluating security controls, and assessing compliance with regulations and standards.
  • Familiarity with common security frameworks and regulations (e.g., GDPR, PCI DSS) and their implications for third-party management.
  • Excellent analytical skills with the ability to assess risks, identify vulnerabilities, and develop appropriate risk mitigation strategies.
  • Strong communication and interpersonal skills to effectively collaborate with internal stakeholders and third-party vendors.
  • Detail-oriented with exceptional organizational skills to manage multiple vendors and prioritize tasks effectively.
  • Experience with vendor management tools, risk assessment software, and security incident management platforms is a plus.
  • A proactive and self-driven mindset, with the ability to work independently and adapt to evolving security requirements.

Strong added value:

  • Professional certifications such as Certified Third Party Risk Professional (CTPRP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified i
