A major Belgian financial services organisation is strengthening its third-party IT and cyber risk capability to ensure vendor controls and contractual security requirements are applied consistently. The role sits in an Information Security team that performs third-party IT and security assessments, uses control frameworks such as ISO27001, SOC, NIST and OWASP, and provides risk treatment advice to IT and business stakeholders.
The mission
The team manages risk identification and monitoring for applications, projects and external suppliers that support core banking and business services. You will work on scoping and executing IT and security risk assessments, maintaining the risk registry, and translating control findings into contract requirements and remediation plans. This work supports compliance with internal policies and external regulators and touches a broad supplier estate including cloud providers and software vendors.
Day to day you will perform end-to-end third-party IT and security assessments, run control plan activities against suppliers, coordinate follow-up audits, and deliver risk reports to Information Security, IT and Business Management. You will also help define and improve risk management methods and tools, for example risk evaluation matrices and monitoring dashboards, and occasionally deliver training or presentations to internal clients.
Your responsibilities
- Execute comprehensive third-party IT and security assessments and convert findings into clear risk ratings and remediation roadmaps
- Advise IT and business teams on operational and security risk treatment options to reduce exposure at optimised cost
- Maintain and update the risk registry and produce consolidated risk posture reports for management
- Ensure information security and IT requirements are translated into supplier contracts and control plans
- Coordinate and perform audits or on-site reviews of third parties to validate control effectiveness
- Contribute to continuous improvement of risk management methods, tooling and reporting templates
Your profile
Essential skills
- At least 3 years' experience in IT risk management or operational/security risk roles
- Strong practical knowledge of control frameworks and audit methodologies, including ISO27001, SOC, NIST and OWASP
- Solid IT background with the ability to assess technical controls across applications, infrastructure and cloud services
- Proven ability to assess third-party risks, write clear findings, and present remediation plans to technical and non-technical stakeholders
- Good autonomy, analytical skills and concise written and verbal communication
Preferred skills
- Experience in data protection, business continuity and access management
- Experience designing processes for third-party IT and security management
- Security certifications such as CISSP, CISM, CIPP or CCSK
- Experience delivering presentations or training to IT and business audiences
Languages
- French, C1
- Dutch, C1
- English, B2
Education
- Bachelor's or Master's degree, or equivalent professional experience