General Information
Description
YOUR JOB IN A NUTSHELL
As a Third-Party Technology Risk Management (TPTRM) Expert in our CoE Security - Governance, Risk & Compliance team, you will assess, evaluate and monitor IT and cybersecurity risks related to intragroup and external suppliers. Join our Brussels-based team of 10 specialists, where you will collaborate closely with internal and external stakeholders to ensure robust risk management in a dynamic environment.
AND IN DETAIL
- Conduct comprehensive IT and cyber risk assessments of third-party suppliers (intragroup and external) and cloud-based solutions to evaluate their cybersecurity posture, IT controls, and compliance with regulatory requirements.
- Review, challenge, negotiate, and embed IT and cybersecurity clauses in supplier contracts, collaborating with Procurement, Legal, and Business teams.
- Coordinate onsite audits, validate findings, and drive remediation plans with third parties, escalating critical risks to stakeholders.
- Track third-party security posture through periodic reviews (vulnerability reports, incident responses, compliance attestations) and synthesize risks for senior management via dashboards.
- Enhance TPTRM methodologies, tools, and templates (e.g., risk assessment questionnaires, audit guidelines) to reflect emerging threats and regulatory changes.
YOUR TALENTS AND COMPETENCES
- You are an expert in cybersecurity, risk management, and compliance, with deep knowledge of cyber threats and frameworks (ISO 27001, SOC, NIST, OWASP), and you are able to provide expert security guidance.
- You have 10+ years of experience in IT & Cyber Risk Management with a strong focus on third-party technical security risk assessments, supplier/vendor evaluations, audit methodologies and cloud security (SaaS, IaaS, PaaS).
- You have contractual and IT security review skills, including experience in reviewing and amending IT and cybersecurity clauses in contracts.
- You have some experience in process design and business analysis, particularly in IT and security risk management.
- You have worked in the financial services industry, particularly in large corporate environments, with a focus on IT and security risk management.
- You have strong analytical and synthesis skills – you are able to distill complex technical risks into clear, actionable insights for management.
- You are an excellent communicator, capable of influencing and engaging with technical experts, business stakeholders, and external suppliers.
- You are autonomous, proactive, and results-driven with a structured and methodical approach.
- You have strong professional written and verbal persuasion skills in English and are fluent in French (mandatory) or Dutch.
WHAT WE HAVE TO OFFER
Sustainability and impact
As a company, we implement concrete and sustainable solutions to reduce our environmental footprint, such as saving paper and resources, recycling our waste, encouraging the use of green transport, buildings that are designed and managed to limit our impact, etc.
DEVELOPMENT & CAREER PERSPECTIVES
The departments that make up BNP Paribas Fortis cover a wide range of activities. You will therefore have many opportunities for “horizontal” and “vertical” career development.
GOOD PLACE TO WORK
In addition to your remuneration and benefits (meal vouchers, insurance, holidays), we offer flexible salary options, allowing you to convert part of your salary into personalised benefits (phone use, IT equipment, transport, etc.).
OUR ENGAGEMENT
At BNP Paribas Fortis, we want to attract and retain all talent, whatever their gender, age, background or sexual orientation, and irrespective of whether they are living with a disability, as every person has their own experiences and their own identity. All of our full-time vacancies are also open to candidates wishing to work on an 80% or 90% full-time equivalent basis.
If the function is categorized as a banking services provider function (cf. Law of 22 April 2019 establishing an oath and a disciplinary regime for the banking sector), you will also need to provide us with a 'certificate of absence of professional ban' from the FSMA confirming that you are not professionally disqualified.
TEMPTED BY THE CHALLENGE?
A first selection is made based on your CV and motivation letter. Are we convinced that you are the right candidate? Then we will contact you.
Good luck!
Is this position not for you, but do you know someone who is cut out for this job? Feel free to share it with friends and family!