Third-Party Risk Manager

The Third-Party Risk Manager (TPRM) is responsible for overseeing, managing, and mitigating information security risks related to suppliers, service providers, and contractors, in accordance with the NIS2 directive. This role ensures that external partners comply with Belnet’s security standards and policies, meet NIS2 obligations, and do not introduce unacceptable risks to business operations. The manager builds and maintains strong relationships with third parties, facilitates risk assessments, and collaborates with internal stakeholders to enhance the organization’s resilience against information security threats.

You are responsible for:

  • Defining and developing the necessary governance and processes for managing information security risks of external suppliers.
  • Evaluating and classifying third parties based on criticality and risk to essential assets or services.
  • Assisting the CISO and Purchasing department in the development and maintenance of security policies and procedures for supplier security.
  • Designing secure system architectures and advising on the implementation and integration of security technologies across the enterprise.
  • Ensuring that all third-party relationships are compliant with the cybersecurity requirements of the NIS2 directive, including risk management, incident reporting, and supply chain security.
  • Establishing risk scoring methodologies and criteria for categorizing suppliers and conducting thorough due diligence and security risk assessments of existing and potential external suppliers, focusing on their ability to meet NIS2 standards.
  • Collaborating with Purchasing and CISO to ensure that contracts with third parties contain robust cybersecurity clauses, clear incident reporting requirements, and audit rights as prescribed by NIS2, as well as the inclusion of data protection and privacy requirements.
  • Developing and maintaining processes to identify, monitor, and mitigate risks in the cyber resilience of the supply chain and ensuring that suppliers implement appropriate technical and organizational measures. This includes continuous monitoring of supplier dependencies.
  • Overseeing the ongoing monitoring of third-party compliance, including KPIs, SLAs, regular reviews, audits, and follow-up on remediation actions using risk dashboards and reporting mechanisms.
  • Coordinating with third parties for timely reporting and effective management of security incidents or breach notifications, in accordance with NIS2 incident reporting timelines.
  • Maintaining contact with internal teams (ICT, Risk, Purchasing) and external partners to promote a shared understanding of NIS2 requirements and best practices in third-party risk management, as well as facilitating regular security review meetings with critical suppliers.
  • Overseeing the development and delivery of training and awareness programs for third parties on NIS2 obligations and supply chain security, as well as raising awareness about Belnet’s relevant information security policies.

We foresee a collaboration of 12 months. We start with a 3-month contract to assess if there is a good match. After that, the contract can be extended each time by 3 to 6 months.

This position was originally posted on Pro Unity.

It is publicly accessible, and we recommend applying directly through the Pro Unity website instead of going through third party recruiters.