Third Party Management Analyst 94

The main mission of the ‘Third Party Management Analyst’ is to ensure the identification of risks associated to the different Third Parties in relation in Belgium.

You will be responsible for evaluating the risk associated with these external entities, assessing their security controls, integrating some action plans in their contracts, and ensuring a follow up of the implementing effective measures to mitigate any potential vulnerabilities.

This role requires a strong understanding of information security, risk assessment, vendor management, and compliance frameworks.

She/he will work in close collaboration with the ‘Business Security Domain Lead’ and will be part of the Belgium-insurance security department.

Technical context

**Key Responsibilities and tasks**:
**1. Understanding of the Business context**: Participate to meetings with the Line of Business to identify the criticality of the related projects for the different security dimensions (CIA).

**2. Definition of the Vendor Risk Assessment**: Definition of the type of assessment based on the Criticality of the project for the Line of Business

**3. Vendor Risk Assessment**: Conduct thorough evaluations of third-party vendors' security controls, practices, and policies to identify potential risks and vulnerabilities.

**4. Compliance Management**: Ensure that third-party vendors comply with relevant industry standards, regulations, and contractual obligations. Monitor and report on their adherence to security requirements.

**5. Security Controls Evaluation**: Evaluate the effectiveness of third-party vendors' security controls and make recommendations for improvements or enhancements to align with best practices.

**6. Contract management**: Update contract with our third parties to integrate the potential remediations planning if the third party don’t full fill our Security Requirements.

**7. Due Diligence**: Conduct comprehensive due diligence assessments of potential third-party vendors, including security assessments, background checks, and evaluation of their security incident response capabilities.

**8. Relationship Management**: Develop and maintain strong working relationships with third-party vendors, establishing clear lines of communication and fostering a collaborative approach to security management.

**9. Incident Response**: Collaborate with third-party vendors to ensure effective incident response plans are in place. Provide guidance and support in the event of security incidents or breaches involving the vendors.

**10. Documentation and Reporting**: Maintain accurate and up-to-date records of vendor assessments, risk profiles, compliance status, and related documentation. Generate regular reports for management highlighting key findings, recommendations, and risk mitigation strategies.

**11. Vendor Performance Monitoring**: Continuously monitor the performance of third-party vendors, identifying any changes in their security posture, and taking appropriate action as necessary.

**12. Security Awareness**: Provide education and guidance third-party vendors on security best practices, policies, and procedures.

**13. Industry Knowledge**: Stay up to date with the latest trends, threats, and developments in the field of information security and vendor management, ensuring the organization remains informed about emerging risks.

Experience in conducting vendor risk assessments, evaluating security controls, and assessing compliance with regulations and standards.

Professional certifications such as Certified Third Party Risk Professional (CTPRP), Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM) or Certified in Risk and Information Systems Control (CRISC)

Relevant experience in third party management in line with the key responsibilities and tasks mentioned in the description

Work experience ( 3,00 years )

Strong knowledge of information security principles, standards, frameworks, and best practices (e.g., ISO 27001, NIST Cybersecurity Framework, etc.).