Cyber Security Contract Lead-260605-BRE-001

Start Date: ASAP

Role Overview

We are looking for an experienced Cyber Security Contract Lead to strengthen the CISO function within a large-scale financial services environment. In this role, you will bridge the gap between cybersecurity, contract management, and third-party suppliers, ensuring that security requirements are effectively embedded into supplier and customer relationships.

You will play a key role in implementing and maintaining regulatory compliance initiatives, including DORA and NIS2, while supporting the development of a robust third-party risk management framework.

• Act as the primary link between cybersecurity, contract management, and external vendors.
• Translate cybersecurity and regulatory requirements (including DORA and NIS2) into practical contractual obligations.
• Lead the development and enhancement of a cybersecurity supplier governance framework.
• Strengthen third-party risk management processes by identifying, assessing, and mitigating supplier risks.
• Review and advise on contracts from an information security perspective.
• Build and expand the Trust function within the CISO office and contribute to the cybersecurity community.
• Conduct cybersecurity risk assessments and provide strategic recommendations.
• Advise senior leadership on supplier-related cybersecurity risks and governance.
• Support stakeholder communication and reporting related to cybersecurity initiatives.

• Minimum 7 years of experience in a similar cybersecurity governance, supplier risk, or contract security role.
• Proven experience within the financial services sector.
• Strong background in cybersecurity risk assessments and third-party risk management.
• Solid understanding of security regulations and frameworks, particularly DORA and NIS2.
• Experience managing relationships between customers, suppliers, and internal stakeholders.
• Excellent communication and stakeholder management skills.
• Fluent in both Dutch and English.

Preferred Certifications

The following certifications are considered advantageous:

• CISSP
• CISM
• CISA
• RE
• ISO 27001 Lead Auditor

• Hybrid working model available.
• Candidates should be located within reasonable commuting distance of the office.
• A valid identity document is required.
• Pre-employment screening will form part of the onboarding process.
• CV and motivation letter should be submitted in Dutch.