Ref: #70643

Third Party IT Security Risk Consultant

Third Party IT Security Risk Consultant - 1+ year contract
Location: Brussels or London (Hybrid – approx. 8 days/month on-site)
Start Date: ASAP

We’re working with a major international financial organisation seeking a Third-Party IT Security Manager to join their CISO function, within the IT & Cyber Risk team.

This role focuses on strengthening the organisation’s third-party security governance by assessing, managing, and mitigating cyber and IT risks across suppliers and service providers. You’ll oversee the full lifecycle of third-party risk — from onboarding and due diligence through to continuous monitoring and contract termination — ensuring all external relationships meet the company’s rigorous security standards.


Key Responsibilities

  • Lead the end-to-end Third-Party Security Assurance process, including initial risk assessments, onboarding, recertification, and ongoing reviews.

  • Evaluate and document vendor security postures, identifying control weaknesses and recommending corrective actions.

  • Partner with procurement and legal teams to ensure contractual security clauses are risk-appropriate and enforceable.

  • Oversee offboarding security checks when third-party relationships conclude.

  • Support and coordinate responses to security alerts, incidents, and breaches involving external suppliers.

  • Collaborate with business units and technical teams to ensure remediation actions are tracked and completed.

  • Produce clear reporting and dashboards to communicate assurance findings and risk trends to management.


Required Skills & Experience

  • Solid background in Third-Party Security or IT Risk Management, ideally within a complex or regulated organisation.

  • Familiar with key security frameworks such as ISO 27001/27002, NIST, CIS Controls, and COBIT.

  • Strong understanding of the SWIFT Customer Security Programme (CSP) is essential.

  • Awareness of financial sector regulations, including DORA, ESMA, and outsourcing governance requirements.

  • Previous experience reviewing security clauses in supplier contracts and ensuring compliance through audits or follow-ups.

  • Exposure to financial market infrastructures (FMIs) or central securities depositories (CSDs) is advantageous.

  • Professional certifications such as CISSP, CISM, CCSP, CSSLP, CEH, GCIH, or CISMP are highly desirable.


Soft Skills

  • Excellent ability to manage priorities, organise workloads, and communicate across multiple teams.

  • Strong written and verbal communication skills; able to engage confidently with senior stakeholders.

  • Analytical, adaptable, and calm under pressure — able to manage competing priorities in a dynamic environment.


If you’re experienced in third-party cyber risk and want to contribute to a world-class security programme within the financial sector, we’d love to hear from you.

Apply now with your CV, day rate, and availability details. Reach out to Luke Finn on +44 203 053 3723 / luke@next-ventures.com
