Third party Risk manager

Here is the detailed JDRole: Third Party Risk ManagerLanguages: English, French or DutchWork mode: HybridDescription:The Third-Party Risk Manager (TPRM) is responsible for setting up, managing, overseeing and mitigating the information security risks associated with third-party vendors, suppliers, service providers, and contractors, and this in alignment with the NIS2 Directive. This role ensures that external partners meet Client security standards and policies, comply with NIS2 obligations, and do not introduce unacceptable risks to business operations.The manager will build and maintain strong relationships with third parties, facilitate risk assessments, and collaborate with internal stakeholders to enhance business resilience against information security threats.We are only looking for candidates who have actually performed in this role as described here.Key responsibilities:Third party supplier security governance: Define and build the necessary governance and processes for managing third party supplier information security risks. Evaluate and classify third parties based on criticality and risk to essential or services. Assist the CISO and Procurement in the development and maintenance of security policies and procedures for supplier security.NIS2 Compliance: Ensure all third-party relationships adhere to the cybersecurity requirements set out in the NIS2 Directive, including risk management, incident reporting, and supply chain security.Third-Party Risk Assessment & Management:Conduct thorough security due diligence and risk assessments of existing and prospective third-party vendors, focusing on their ability to meet NIS2 standards.Maintain an up-to-date risk register and treatment plans of third parties and their risk status as required by NIS2.Establish risk scoring methodologies and criteria for vendor categorisation.Establish and monitor security performance metrics for key vendors.Manage the complete third-party risk lifecycle from onboarding to contract termination.Contract and Procurement support:Collaborate with Procurement and CISO to ensure contracts with third parties include robust cybersecurity clauses, clear incident notification requirements, and audit rights as mandated by NIS2.Review and approve cybersecurity clauses in third-party agreementsEnsure data protection and privacy requirements are incorporated into vendor contractsSupport contract negotiations on security terms and risk allocationManage security-related service level agreements and penaltie Supply Chain Security: Develop and maintain processes to identify, monitor, and mitigate risks in the supply chain cyber resilience, ensuring that vendors implement appropriate technical and organizational measures. This includes continuous monitoring of vendor dependencies.Monitoring & Reporting: Oversee the continuous monitoring of third-party compliance, including KPIs, SLAs, regular reviews, audits, and follow-up on remediation actions:Develop and maintain third-party risk dashboards and reporting mechanismsPrepare regular reports for Management, Risk Office and Procurement on third-party risk posture, compliance status, and remediation progress, highlighting any NIS2-related issues.Track and report on risk mitigation activities and effectivenessIncident Management and Notification: Coordinate with third parties to ensure timely reporting and effective management of security incidents or breach notifications, in line with NIS2 incident notification timelines.Stakeholder Engagement: Liaise with internal teams (ICT, Risk Procurement) and external partners to promote a shared understanding of NIS2 requirements and best practices in third-party risk management. Facilitate regular security review meetings with critical suppliers.Awareness & Training: Oversee the development and delivery of training and awareness programs for third parties on NIS2 obligations and supply chain security, as well as awareness around Client's relevant information security policies.