Ref: #70313

Business Analyst – Third-Party Software Supply Chain Security

Hybrid – 8 days per month on-site in London, Brussels, Paris or Amsterdam
Initial 12-month contract (extendable)

We’re looking for an experienced Business Analyst to join a major security initiative within the CISO division of a leading global financial market infrastructure provider.

This role is part of a multi-year programme focused on enhancing third-party software supply chain security, helping to design and deploy new governance, risk, and control processes around supplier-provided software and SaaS solutions.

What You’ll Do

You’ll play a key role in shaping and delivering a new framework that ensures third-party software suppliers meet the organisation’s security expectations. Specifically, you will:

  • Define and implement governance for supplier-related software security activities (RACI, Committees, etc.).

  • Design and document new processes to assess, track, and manage supplier software security and associated vulnerabilities.

  • Support the creation of data models and reporting mechanisms linking third parties, software, and cloud dependencies.

  • Coordinate across multiple teams (Supply Chain, CISO, IT Risk, GTS) to align practices and cascade security strategy.

  • Contribute to compliance with DORA and internal security governance frameworks.

  • Help operationalise monitoring, response, and escalation processes for supplier incidents or vulnerabilities.

What We’re Looking For

  • Strong background in process design, governance frameworks, and documentation (BPMN or similar).

  • Proven ability to design IT governance models (RACI, Target Operating Models, ITIL, COBIT, etc.).

  • Excellent communication and coordination skills — able to work across business, IT, and security functions.

  • Experience working in financial services or another regulated environment.

  • Knowledge of security and risk frameworks (CISM, ISO 27001, NIST, etc.) is a plus.

  • Previous experience with Euroclear or similar global financial institutions is advantageous.

Key Details

  • Contract: 12 months (extendable)

  • On-site requirement: 8 days per month (including 8–10 days per year in Brussels)

  • Locations: Belgium, France, Netherlands, or the UK (UK candidates only via accredited umbrella companies)

If you have a strong mix of governance, process design, and cybersecurity understanding — and want to help build a security framework from the ground up — we’d love to hear from you.
