Job Specifications
This role focuses on strengthening information security and regulatory compliance across third-party relationships in a highly regulated environment. As a Third-Party Risk Manager, you take ownership of supplier security governance, ensuring that vendors, service providers, and partners comply with cybersecurity and supply-chain requirements under the NIS2 Directive.
You operate at the intersection of security, risk, procurement, and compliance, with end-to-end accountability for third-party risk management across the full vendor lifecycle.
Key Responsibilities
Define, implement, and maintain third-party information security governance, including classification of suppliers by criticality and risk
Ensure full alignment of third-party relationships with NIS2 requirements, including risk management, incident notification, and supply-chain security
Conduct in-depth security due diligence and risk assessments for new and existing suppliers
Maintain a third-party risk register, risk treatment plans, and risk scoring methodologies
Manage the complete third-party risk lifecycle, from onboarding through contract termination
Collaborate with procurement and security leadership to embed cybersecurity clauses, audit rights, SLAs, and incident obligations into contracts
Monitor supplier security posture through KPIs, SLAs, audits, and remediation follow-up
Coordinate security incident reporting and response with third parties so that supplier-side incidents are escalated in time for the organisation to meet its NIS2 notification deadlines (24-hour early warning, 72-hour incident notification, one-month final report)
Produce clear dashboards and reports for management, risk, and procurement stakeholders
Engage internal and external stakeholders through reviews, awareness sessions, and training on supplier security obligations
What are we looking for?
You have hands-on experience performing a Third-Party Risk Manager role with end-to-end responsibility
You have 4+ years of experience in third-party risk management, information security, cybersecurity, or compliance
You have practical experience implementing NIS2-aligned third-party risk controls in a regulated environment
You have proven experience conducting and maintaining supplier security risk assessments and risk registers
You have experience translating information security requirements into contractual clauses
You have strong knowledge of supplier security under ISO/IEC 27001 and related controls
You are fluent in English and have active knowledge of Dutch or French
Nice to Haves
Experience in public-sector or governmental environments
Experience with public tenders and procurement processes
Familiarity with NIST, CIS Controls, CyberFundamentals, or similar frameworks
Experience with GRC platforms, especially ServiceNow
Knowledge of critical infrastructure protection or the EU Cyber Resilience Act
Relevant certifications such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer, or TPRM-specific certifications
What do we offer?
Location: Brussels
Working model: Hybrid
Contract type: Open to both permanent employees and freelancers
Start date: 9 February 2026
End date: Halloween
About the Company
Pauwels Consulting is a Belgian consultancy firm with more than 1500 experts in engineering, life sciences and IT. We staff, manage and execute projects for leading organizations in Belgium, France, The Netherlands and beyond.
Experts in Engineering, Life Sciences and IT
Our Engineering team helps organizations in the (petro)chemical, civil engineering, industrial production, energy and transport businesses with the design, supervision, support and execution of long-term projects. We are particularly active in the fields o...