
Third Party Risk Manager (ISO/GRC)

Amsterdam | MVPartners | Hybrid | Medior | Other

About the assignment

You oversee the full third-party risk management lifecycle for a growing organisation. You evaluate vendor security controls, conduct risk assessments, and ensure compliance with regulations like ISO 27001 and NIS2.

You work cross-functionally with procurement, IT, and business units to integrate security into vendor relationships. Your role balances risk mitigation with business agility—identifying critical gaps without creating unnecessary friction.

You'll build and maintain a vendor risk dashboard, track remediation efforts, and report to senior management on exposure trends.

Your responsibilities

  • Assess third-party security posture using standardised questionnaires, audits, and risk scoring models
  • Develop and maintain TPRM policies, procedures, and vendor risk classification frameworks
  • Monitor vendor compliance with contractual security obligations and incident reporting requirements
  • Conduct risk reviews during onboarding, renewal, and whenever material changes occur
  • Manage vendor incidents and breaches—track impact, coordinate response, and document lessons learned
  • Report third-party risk metrics and trends to executive stakeholders and the board
  • Collaborate with procurement and legal to embed security requirements into vendor contracts
  • Maintain a central vendor risk register and provide real-time visibility across the organisation

Tech Stack & Tools

Platforms & Tooling

OneTrust TPRM, Archer, ServiceNow GRC, Vanta, ZenGRC, spreadsheet-based risk tracking

Frameworks & Standards

ISO 27001, NIS2, DORA, TISAX, NIST Cybersecurity Framework, COBIT

Methodologies

Risk assessment, Vendor due diligence, Incident investigation, Remediation tracking, Continuous monitoring

Certifications (a plus)

CISM, CRISC, CISA, CISSP

Must-haves

  • 3+ years managing third-party or supplier risk in a GRC or security role
  • Strong knowledge of ISO 27001, NIS2, or equivalent compliance frameworks
  • Experience with TPRM platforms (OneTrust, Archer, or ServiceNow GRC)
  • Excellent communication skills—able to translate risk into business language
  • Proven ability to work independently and manage competing priorities

Nice-to-haves

  • CISM, CRISC, or CISA certification
  • Experience in regulated industries (finance, healthcare, energy)
  • Familiarity with vendor risk scoring methodologies and threat intelligence integration
  • Track record of automating TPRM workflows or improving efficiency

What we offer

  • Influence over enterprise security strategy and vendor governance
  • Work with cross-functional teams across procurement, IT, and business units
  • Access to leading TPRM tools and continuous learning resources
  • Flexible work arrangements and focus on work-life balance
  • Exposure to breach response and incident investigations
  • Personal guidance from a dedicated MVPeople consultant who knows your niche

The process

  1. Introduction: Phone call with your MVPeople consultant (within 24 hours)
  2. Match & Brief: We discuss the assignment in detail and prepare you
  3. Client interview: Introduction to the client
  4. Start: Contracting and onboarding

Details

  • Type: MVPartners
  • Location: Amsterdam
  • Work model: Hybrid
  • Level: Medior
  • Sector: Other
  • Posted: 17 June 2026
  • Vacancy number: 55447


