20 March 2026 Information Amsterdam ZZP and / or Contracting

Introduction

  • 36 hours per week
  • Start date: ASAP
  • Duration: 6 months
  • Extension: Possible.
  • Hybrid working, 1-2 days from the office.
  • Travelling abroad is required for this role.
  • ZZP is allowed.
  • Relocation is not possible.

Function

At a glance
You will join the Supply Chain Security (SCS) team, part of the Corporate Information Security Office (CISO) department, within the Cyber Defence grid. CISO is responsible for the bank’s information security globally, across all subsidiaries and countries. The Cyber Defence grid is responsible for the security operations activities of ABN AMRO, and our team continuously provides visibility into the security posture of ABN AMRO’s vendors. The 20 Supply Chain Security team members are experienced in information security and vendor relations. The team is diverse in both nationalities and professional backgrounds, which makes it a great place to work and develop yourself.

Why are you needed? 
You can imagine that security is a major asset within the bank. 
As an Information Security Expert you will be responsible for managing, monitoring and reporting on the performance and status of the security posture of our vendors. This role is specifically aimed at conducting end-to-end audits.

Your work

The Information Security Expert is responsible for conducting comprehensive, end-to-end audits of systems, processes, SaaS platforms, and internal controls to ensure compliance, security, operational efficiency, and risk mitigation. This role involves detailed analysis, evidence gathering, root cause identification, and actionable reporting to stakeholders across Security, IT, Compliance, and Business units. The expert provides insight into gaps, emerging risks, and improvement opportunities.

Key Responsibilities
1. Audit Planning & Scoping
•    Define audit scope, objectives, and methodology based on risk assessment and organizational priorities.
•    Identify key stakeholders and gather necessary background information before starting the audit.
•    Create detailed audit work plans, timelines, and documentation templates.
2. Deep-Dive Auditing & Analysis
•    Perform thorough examinations of systems, configurations, access controls, workflows, logs, and data flows.
•    Review security controls, compliance requirements, operational processes, and technical configurations.
•    Analyze SaaS applications, cloud environments, infrastructure components, and integrated systems for gaps.
•    Conduct manual evidence reviews supported by automated tools (e.g., SIEM, compliance scanners, configuration analyzers).
3. Risk Identification & Assessment
•    Identify control weaknesses, security misconfigurations, policy deviations, and operational inefficiencies.
•    Evaluate risk impact based on severity, likelihood, and business impact.
•    Document findings with clear evidence, screenshots, logs, or data samples.
4. Reporting & Stakeholder Communication
•    Prepare detailed audit reports summarizing findings, risks, recommendations, and remediation guidance.
•    Present results to technical teams, management, and compliance stakeholders.
•    Ensure findings are clearly explained, justified with evidence, and aligned with internal policies and industry standards.
5. Remediation Support & Validation
•    Work with engineering, security, SaaS owners, and IT teams to support remediation planning.
•    Perform follow-up assessments to verify that remediation actions are implemented and effective.
•    Track remediation progress and update audit logs accordingly.
6. Continuous Improvement & Knowledge Contribution
•    Identify opportunities to strengthen internal controls, improve processes, reduce risk, or optimize tools.
•    Maintain audit procedures, templates, and documentation for consistency and quality.
•    Share insights and best practices with the SCS team and wider organization.

Way of working:
•    The team works according to the DevOps & Agile methodology. 
•    The working language within the team is English.
•    In your work you often engage with various stakeholders, such as Risk, Procurement, Contract Owners and our suppliers.
•    Hybrid working, 1-2 days from the office.
•    Travelling abroad is required for this role.

Requirements

Technical Skills
•    Strong understanding of IT Security controls, cloud security, SaaS platforms, access governance, and compliance frameworks.
•    Hands-on experience analysing logs, configurations, and system behaviour.
•    Knowledge of frameworks such as ISO 27001, SOC 2, NIST, CIS, GDPR, or internal policies.
•    Ability to interpret architecture diagrams, security settings, and technology stack documentation.
Analytical Skills
•    Exceptional attention to detail.
•    Ability to identify patterns, anomalies, root causes, and risks.
•    Strong critical thinking and problem-solving skills.
Interpersonal Skills
•    Ability to communicate complex findings in clear, non-technical language.
•    Skilled in working with cross-functional teams (Security, IT, DevOps, Compliance, Business).
•    Strong documentation, reporting, and presentation skills.
Experience
•    Typically 6-8 years in internal audit, security auditing, IT risk, compliance, or similar roles.
•    Experience in SaaS environments is a strong plus.
•    Prior exposure to security-related posture reviews is preferred.

Preferred Certifications
(Not mandatory, but beneficial)
•    CISA (Certified Information Systems Auditor)
•    ISO 27001 Lead Auditor
•    CRISC
 
Working Style
•    Highly analytical and methodical.
•    Independent, structured, and consistent in reporting.
•    Ability to handle multiple audits simultaneously.

Information

Jobs A2Z-CM +31(0)20-3337629

Application

Jobs A2Z-CM +31(0)20-3337629

Vacancy number

4114