Introduction
Start: asap
End: 31 October 2026
Possible extension: YES
Hours per week: 40
Organization
The team works according to the DevOps & Agile methodology.
You are working on improving the Supply Chain Security services, based on user stories.
Occasionally there are incidents that occur that you are going to look into.
For your work you often engage with various stakeholders such as other IT departments, business colleagues and software suppliers.
Function
Key responsibilities in your work contain:
- Govern and manage IT vendor relationships in terms of performance regarding the security aspects of the underlying contractual obligations;
- Execute Vendor Security Risk Assessments and perform follow up actions. Focus on the risks that matter, translate them into the business context and help your stakeholders to address security challenges;
- Ensure that information security risks are identified and managed effectively throughout all the stages of the relationship with external vendors;
- Review the applicability and the quality level of assurance reports issued by the third parties;
- Ensure continuous improvements are achieved both in the quality of reporting and service provided by the third party;
- Manage the IT security related part of a contract with the third party provider. Work together with 2nd line functions such as legal, compliance, procurement and other internal parties on contractual changes;
- Help solving security-related questions, take initiative and escalate in time if needed;
- Signal improvements related to the way of working inside the team and contribute to improving the excellence of our service offering;
- Stay up-to-date with emerging cyber security trends and the latest developments in the field of technology, information risk and threats, actively share this knowledge with your colleagues and help to determine if/when to integrate them into the assessment program.
- With the following results (SMART)
- Key part: Signal improvements related to the way of working inside the team and contribute to improving the excellence of our service offering; which are based upon our expected DORA impact
Requirements
Relevant knowledge, skills, competences & desired education level
- HBO or University degree
- Knowledge and experience with setting up projects & deliverables within supply chain security / TPSRM
- Experience in executing information security risk assessments;
- Knowledgeable on one or more areas such as security processes, technology architectures, network security, application security and vulnerability management;
- Excellent in stakeholder management.
- Hands-on, self-organised, willing to finish and deliver (execution power)
- A strong ability to translate technical risks into business risks and vice versa;
- Service oriented professional, you enjoy taking on an internal consultancy role
- Experience with the ServiceNow TPRM module is a huge pré.
Additional information (visible for suppliers)
You will join the Supply Chain Security (SCS) team, part of the Corporate Information Security Office (CISO) department, within the Cyber Defense grid. CISO employs approximately 400 colleagues who are responsible for the bank’s information security globally, across all subsidiaries and countries. The grid Cyber Defense is responsible for the security operations activities of ABN AMRO, and within our team we continuously provide visibility into the security posture of the vendors of ABN AMRO. The Supply Chain Security team members are experienced in information security and vendor relations. The team is diverse in both nationalities and professional background, which makes it a great place to work and develop yourself. The team currently consists of 12 members and is ready for further expansion. The working language within the team is English.
Information
Michael Siep +31(0)20-3337629
Application
Michael Siep +31(0)20-3337629