Levy Professionals
We are looking for…
A highly motivated and hands-on professional to join the Supply Chain Security (SCS) team, which is part of the Cyber Defense grid for our major financial services client. This role is focused on improving the client’s Supply Chain Security services and managing security risks associated with third-party vendors. You will be a vital member of a diverse and expanding team that provides continuous visibility into the security posture of the client’s vendors globally.
Outcomes of the project. The primary outcomes of this role are to achieve continuous improvements in the quality of vendor reporting and service, ensure information security risks are managed effectively across all stages of vendor relationships, and significantly contribute to the overall excellence of the Supply Chain Security service offering, driving expected DORA impact.
As a Vendor Security Risk Analyst / Supply Chain Security Specialist, you are responsible for governing and managing the security aspects of IT vendor relationships and executing risk assessments. You will translate complex technical risks into clear business contexts and collaborate with various internal and external stakeholders to address security challenges.
You will: Responsibilities
-
Govern and manage IT vendor relationships concerning performance on the security aspects of underlying contractual obligations.
-
Execute Vendor Security Risk Assessments and perform necessary follow-up actions, focusing on material risks.
-
Ensure that information security risks are identified and managed effectively throughout all stages of the relationship with external vendors.
-
Review the applicability and quality level of assurance reports issued by third parties.
-
Manage the IT security-related part of vendor contracts, working closely with 2nd line functions such as legal, compliance, and procurement on contractual changes.
-
Actively stay up-to-date with emerging cyber security trends, risk, and threat developments, and share this knowledge to help integrate them into the assessment program.
Additional activities:
-
Help solve security-related questions, take initiative, and escalate in time if needed.
-
Signal improvements related to the way of working inside the team and contribute to improving the excellence of the service offering.
-
Work according to the DevOps & Agile methodology, improving Supply Chain Security services based on user stories.
-
Occasionally investigate and resolve incidents as they occur.
-
Engage frequently with various stakeholders, including other IT departments, business colleagues, and software suppliers.
Who are you? Experience
-
Knowledge and experience with setting up projects & deliverables within supply chain security / Third-Party Risk Management (TPRM).
-
Proven experience in executing information security risk assessments.
-
Knowledgeable on one or more areas such as security processes, technology architectures, network security, application security, and vulnerability management.
-
Experience with the ServiceNow TPRM module is a significant advantage.
Profile
-
HBO or University degree.
-
Excellent stakeholder management skills.
-
A strong ability to translate technical risks into business risks and vice versa.
-
Hands-on, self-organised, willing to finish and deliver (execution power).
-
Service-oriented professional who enjoys taking on an internal consultancy role.
-
The working language within the team is English.
About Levy Professionals
Since 2000 we provide professional solutions to organizations ranging from tech start-ups to global players. From our offices in Amsterdam and London we have built an international and local network of skilled employed professionals and experts fuelled by our passion for connecting skills with projects. Over the years we have fulfilled over 1700 critical roles, helping our clients achieve their strategic goals across various industries.
