Over de functie
As Information Security Officer (Third-Party Risk Management) you are responsible for managing and strengthening PostNL's security posture across suppliers and customer-facing partnerships. You combine cybersecurity expertise with stakeholder management skills, ensuring that third-party risks are identified, assessed and mitigated in a structured and pragmatic way. You assess security risks within supplier landscapes, evaluate compliance with PostNL security standards and relevant legislation (e.g. NIS2, GDPR), and advise internal stakeholders on required risk treatment measures. You act as a key partner for procurement, legal, vendor management and IT teams, ensuring that security is embedded in onboarding, contracting and lifecycle management of third parties.
Verantwoordelijkheden
- Strategic impact: Third-party risk is high on the board agenda. Your work directly contributes to resilience and compliance.
- Complex stakeholder landscape: You operate at the intersection of IT, business, legal and suppliers.
- Maturity growth: You contribute to further professionalizing TRPM within a large, regulated organization.
- Visibility: You interact with senior management and external strategic partners.
- Development: Opportunity to deepen expertise in regulatory frameworks (NIS2, DORA-like principles, supply chain security).
Wat ga je doen
Within the Cyber Security Office (CSO), you are part of the Customer & Suppliers domain. This domain focuses on managing cyber risks that arise from external parties and strategic partnerships.
As TRPM-focused ISO you will:
- Perform third-party security risk assessments (due diligence, onboarding and periodic reassessments).
- Evaluate supplier compliance against ISO27001, NIST CSF and PostNL internal policies.
- Define and monitor mitigation plans together with business owners and suppliers.
- Advise on contractual security clauses and minimum control requirements.
- Support audits and evidence gathering related to supplier security.
- Contribute to improving the Third-Party Risk Management framework and tooling.
- Act as sparring partner for senior stakeholders in Procurement, Legal and IT.
You ensure the right balance between risk mitigation, regulatory compliance and operational feasibility. You understand that suppliers are critical to PostNL's operations and that security must enable - not block - business continuity.
Wat vragen wij
- Bachelor or Master degree in IT, Cybersecurity, Risk Management or Business Administration.
- 3-6+ years of relevant experience in Information Security or Third-Party Risk Management.
- Experience with supplier risk assessments and vendor security governance.
- Strong knowledge of ISO27001, NIST CSF, CIS Controls and audit processes.
- Understanding of NIS2, GDPR and supply chain risk requirements.
- Strong stakeholder management and negotiation skills.
- Ability to operate independently at medior/senior level.
- Relevant certifications (CISSP, CISM, CRISC, CISA) are considered a plus.
Meer informatie
We do a background check during the application. We hereby ask you for a Certificate of Good Conduct (VOG).
We will also check your references and may conduct a tailor-made investigation.
We are looking for new colleagues who want to work with us to build the PostNL of the future. We therefore return mail from recruitment agencies.
As part of the recruitment process, candidates undergo an assessment designed to evaluate their competencies and skills relevant to the position.