Risk Manager Security (SNS02334)

August 4, 2025

Job Description

  • Define and build the governance and processes needed to manage information security risks from third-party vendors. Evaluate and classify third parties based on their criticality and the risk they pose to essential services. Assist the CISO and the purchasing service in developing and maintaining vendor security policies and procedures. Design secure system architectures and advise on the implementation and integration of security technologies across the enterprise.
  • You are responsible for ensuring that all third-party relationships are compliant with the cybersecurity requirements of the NIS2 Directive, including risk management, incident reporting, and supply chain security.
  • Establish risk scoring methodologies and criteria for categorizing suppliers, and conduct thorough due diligence and risk assessments on the security of existing and potential third-party suppliers, focusing on their ability to comply with NIS2 requirements.
  • Work with Purchasing and the CISO to ensure that third-party contracts include robust cybersecurity clauses, clear incident reporting requirements and audit rights, as mandated by NIS2, as well as data protection and privacy requirements.
  • Develop and maintain processes to identify, monitor, and mitigate risks in supply chain cyber resilience and ensure that suppliers implement appropriate technical and organizational measures. This includes continuous monitoring of vendor dependencies.
  • Oversee ongoing third-party compliance monitoring, including KPIs, SLAs, regular reviews, audits, and follow-up of remediation actions through risk dashboards and reporting mechanisms.
  • Coordinate with third parties for timely reporting and effective management of security incidents or breach notifications, in accordance with NIS2 incident notification timelines.
  • Liaise with internal teams (ICT, Risk, Purchasing) and external partners to promote a shared understanding of NIS2 requirements and best practices in third-party risk management, and facilitate regular security assessment meetings with critical suppliers.
  • Oversee the development and delivery of third-party training and awareness programs on NIS2 obligations and supply chain security, and raise awareness of relevant information security policies.

Skills:

  • CISM
  • Cyber Security
  • Information Security Management
  • Stakeholder Management

Hiring Team Member

Shashidhar Sampangi
Talent Acquisition Specialist