IT and Cyber Third Party Risk Assessor - Senior

Location: Brussels

Start Date: 04/05/2026

End Date: 31/12/2026

Description:

The IT and Cyber Third Party Risk Assessor supports IT and Business Units in developing solutions for operational risk management practices, with a focus on Information Security. Key responsibilities include:

• Identifying operational IT and Cyber risks on assets/applications, projects, and third parties.
• Advising, consulting, monitoring, and reporting on risk treatment to reduce overall risk exposure at an optimized cost.
• Developing and managing the implementation of strategies to reduce IT and Information Security risks in accordance with policies.
• Executing IT and security risk assessments in IT and business, covering projects or legacy assets.
• Maintaining identified risks in the risk registry database.
• Ensuring information security and IT requirements are included in third-party contracts.
• Executing information security and IT control plans on third parties.
• Coordinating and performing IT and security audits on third parties.
• Setting up processes and procedures for end-to-end IT and security management for third parties.
• Delivering consulting on risk management to internal customers.
• Reporting risks and overall risk posture regarding third parties to management.
• Contributing to the definition and improvement of risk management methods and tools.

Education:

Bachelor/Master or equivalent by experience.

Certification:

Security certifications such as CISSP, CISM, CIPP, CCSK are preferred.

Languages Requirement:

• Fluent in French or Dutch.
• Good command of English.

Telework Expectation:

50% on-site & 50% homeworking.

Required Knowledge / Experience:

• At least 3+ years of relevant experience in IT Risk Management.
• Significant experience in operational/security risks management.
• Knowledge of control frameworks and audit methodologies.
• Experience in process design and improvement.
• Experience in third-party IT and security assessments.
• Experience in data protection, business continuity, access management.
• Experience in delivering presentations and training.

Business Experience:

• Knowledge of Information Security and Risk Management frameworks (ISO27001, SOC, NIST, OWASP, etc.).
• Strong IT background.

Soft Skills:

• Good autonomy and personal effectiveness.
• Good verbal and listening communication skills.
• Ability to analyze situations and synthesize information.