CISO Officer - Third Party Risk Management (Transport Sector)

Location: Brussels, Belgium
Sector: Transport & Railway Operations
Contract Type: Freelance

About the Role
As a provider of essential public transport services, our client is committed to the highest cybersecurity standards. We are looking for a specialist to join the IT department and help shape a secure and resilient digital landscape. In the role of CISO Officer for Third Party Risk Management (TPRM) , you will be responsible for ensuring the effective management of cybersecurity risks related to all third parties, including suppliers, partners, and integrators.

Your objective is to integrate and enforce cybersecurity requirements within all procurement and tendering processes, ensuring that security commitments are consistent, compliant, and traceable throughout the entire lifecycle of the third-party relationship. You will work at the intersection of cybersecurity, legal, and procurement to protect critical railway operations.

Key Responsibilities

1. Third Party Risk Management (TPRM)

   • Establish, maintain, and continuously improve the cybersecurity TPRM framework in alignment with regulatory standards.

   • Identify, analyze, and assess cybersecurity risks associated with third parties using security questionnaires, certifications, policy reviews, and architectural assessments.

   • Define, monitor, and document risk mitigation measures and acceptance conditions.

2. Procurement & Tender Security

   • Review and secure cybersecurity requirements within procurement documents (RFI, RFP, RFQ, tenders).

   • Assess supplier responses and proposals from a security, compliance, and risk perspective.

   • Contribute to drafting security-related responses and identifying associated risks and commitments in collaboration with Legal and Procurement teams.

3. Reporting & Improvement

   • Ensure clear reporting and monitoring of third-party risks and reviewed tenders.

   • Provide consolidated visibility to the CISO and propose continuous improvement actions based on threat intelligence and regulatory developments.

Profile & Qualifications

• Education: Master’s degree in IT, Law, Risk Management, or Information Security. A Bachelor’s degree complemented by significant experience will also be considered.

• Experience: Minimum of 5 years in a cybersecurity-related role, specifically in Third Party Risk Management, Security Assurance, GRC (Governance, Risk, Compliance), or Security Audit, with a strong focus on reviewing procurement and tender documentation.

Required Skills & Knowledge

• Standards: Strong knowledge of ISO 27001/27002, NIS2, GDPR, CyFun, ISO 27036 (Supplier Relationships), and ISA/IEC 62443.

• Risk Assessment: Ability to assess solutions and architectures from a security perspective and to analyze complex contractual documents.

• Stakeholder Management: Proven ability to interact effectively with various internal stakeholders (Procurement, Legal, IT, Business Units, CISO).

• Analytical Skills: Excellent analytical and synthesis skills with the ability to produce clear and structured deliverables.

• Solution-Oriented: Motivated to dive into complex topics with a critical, risk-oriented, and solution-oriented approach.

Languages

• Dutch or French at native level or minimum C1 proficiency.

• Good working proficiency in the second national language.

• Professional proficiency in English (minimum C1).

Personal Attributes

• Autonomous with strong prioritization skills and ability to learn quickly.

• Rigorous, critical mindset with a strong attention to detail.

• Team spirit, adhering to the motto: "Together, we achieve more."