MVPeopleGroup
Third Party Risk Management

Third Party Risk Manager (ISO/GRC)

Amsterdam | Consultancy | Hybrid | Medior | Other

About the assignment

You oversee the full third-party risk management lifecycle for a growing organisation. You evaluate vendor security controls, conduct risk assessments, and ensure compliance with standards and regulations such as ISO 27001 and NIS2.

You work cross-functionally with procurement, IT, and business units to integrate security into vendor relationships. Your role balances risk mitigation with business agility—identifying critical gaps without creating unnecessary friction.

You'll build and maintain a vendor risk dashboard, track remediation efforts, and report to senior management on exposure trends.

Your responsibilities

  • Assess third-party security posture using standardised questionnaires, audits, and risk scoring models
  • Develop and maintain TPRM policies, procedures, and vendor risk classification frameworks
  • Monitor vendor compliance with contractual security obligations and incident reporting requirements
  • Conduct risk reviews during onboarding, renewal, and whenever material changes occur
  • Manage vendor incidents and breaches—track impact, coordinate response, and document lessons learned
  • Report third-party risk metrics and trends to executive stakeholders and the board
  • Collaborate with procurement and legal to embed security requirements into vendor contracts
  • Maintain a central vendor risk register and provide real-time visibility across the organisation

Tech Stack & Tools

Platforms & Tooling

OneTrust TPRM, Archer, ServiceNow GRC, Vanta, ZenGRC, spreadsheet-based risk tracking

Frameworks & Standards

ISO 27001, NIS2, DORA, TISAX, NIST Cybersecurity Framework, COBIT

Methodologies

Risk assessment, Vendor due diligence, Incident investigation, Remediation tracking, Continuous monitoring

Certifications (preferred)

CISM, CRISC, CISA, CISSP

Must-haves

  • 3+ years managing third-party or supplier risk in a GRC or security role
  • Strong knowledge of ISO 27001, NIS2, or equivalent compliance frameworks
  • Experience with TPRM platforms (OneTrust, Archer, or ServiceNow GRC)
  • Excellent communication skills—able to translate risk into business language
  • Proven ability to work independently and manage competing priorities

Nice-to-haves

  • CISM, CRISC, or CISA certification
  • Experience in regulated industries (finance, healthcare, energy)
  • Familiarity with vendor risk scoring methodologies and threat intelligence integration
  • Track record of automating TPRM workflows or improving efficiency

What we offer

  • Influence over enterprise security strategy and vendor governance
  • Work with cross-functional teams across procurement, IT, and business units
  • Access to leading TPRM tools and continuous learning resources
  • Flexible work arrangements and focus on work-life balance
  • Exposure to breach response and incident investigations
  • Personal guidance from a dedicated MVPeople consultant who knows your niche

The process

1. Introduction: phone call with your MVPeople consultant (within 24 hours)

2. Match & Brief: we discuss the assignment in detail and prepare you

3. Client meeting: introduction to the client

4. Start: contracting and onboarding

Details

Type: Consultancy

Location: Amsterdam

Work model: Hybrid

Level: Medior

Industry: Other

Posted: 17 June 2026
