Senior IT Security Expert – Supply Chain & Third-Party Risk

Our client, a leading organization in the Belgian public transport and infrastructure sector, is seeking a specialist to strengthen their cybersecurity framework. This role involves defining and implementing a comprehensive supply chain security strategy while managing cyber risks associated with third-party suppliers and partners.

• Define and maintain a strategic supply chain security framework for both IT and non-IT environments.
• Execute detailed cyber risk assessments and analyses for third-party vendors and service providers.
• Establish and oversee Third Party Risk Management (TPRM) processes within the organization.
• Contribute to the drafting and review of specialized security clauses in supplier contracts.
• Conduct maturity assessments and compliance audits based on standards such as ISO 27001 and NIS2.
• Monitor security risk indicators and develop remediation plans to address identified vulnerabilities.
• Engage with internal stakeholders to raise awareness regarding supply chain cybersecurity threats.

• 8+ years of experience in cybersecurity with a specialized focus on supply chain risk management.
• Expert knowledge of security standards and frameworks including ISO 27001, ISO 27005, NIST, NIS2, DORA, and SOC2.
• Proven expertise in managing information systems security and third-party risk governance.
• Experience operating within complex or large-scale technical environments.
• Proactive, analytical mindset with strong stakeholder management skills.
• You are fluent in English with professional proficiency in French or Dutch.

Nice to Haves

• Possession of certifications such as CRISC or ISO 27001 Lead Implementer.
• Previous experience working within highly regulated sectors.

• Start date: May 11, 2026.
• Duration: 8 months (extendable).
• Work regime: Full-time.
• Location: Brussels.
• Working model: Hybrid (2 to 3 days onsite per week).
• Contract: open to both permanent employees and freelancers.