Summary: This corporate-level role defines and manages the Group’s strategy for third-party cybersecurity risk globally, protecting against supply-chain cyber threats.

Highlights:
1. Shape global supplier cyber risk strategy
2. Transversal, high-impact mission across functions
3. Strong autonomy and influence in defining processes

**Third-Party Cybersecurity Risk Manager**

**Offer ID:** 85721
**Job:** Digital and IT / Cybersecurity
**Contract type:** Permanent
**Country:** Romania

WHAT MAKES THIS ROLE TRULY EXCITING

* **You shape how EQUANS manages supplier cyber risks at global scale**: This is a **Corporate-level** role defining the Group’s strategy, model and expectations for supplier cybersecurity across all business lines.
* **A transversal, high-impact mission**: Your work influences procurement, legal, IT, business units, and cybersecurity teams worldwide — ensuring that every critical supplier meets EQUANS’ cyber expectations.
* **A strategic role**: By structuring Third-Party Risk Management (TPRM), you actively protect EQUANS against supply-chain cyber threats, ransomware propagation, and operational disruptions.
* You play **a key role** in preparing EQUANS for increasing regulatory pressure on supply-chain security (NIS2, ISO 27001 evolution, contractual obligations).
* **A unique mix of governance and technical acumen**: Not a technical position, but one requiring enough cyber literacy to assess, challenge and negotiate with suppliers — and to improve their practices when needed.
* **Strong autonomy and influence**: You define processes, update frameworks, challenge existing practices, and guide entities toward a consistent, Group-wide approach.
* **An international environment**: Daily interactions with entities across regions, each with specific risks, regulations, maturity levels and critical suppliers.

WHY JOIN THE CORPORATE CYBER GRC TEAM?

* You help shape the **Group-wide cybersecurity strategy**, directly contributing to EQUANS’ resilience.
* You work across borders and disciplines: legal, procurement, IT, cyber, business operations.
* You grow constantly thanks to the diversity of supplier ecosystems and regulatory challenges.
* You join a supportive, pragmatic, ambitious team with strong Group visibility.
* You unlock significant career opportunities within cybersecurity, digital, risk, or operational excellence.

ABOUT EQUANS

Equans is a global leader in energy and services, with €19.2 billion in annual revenue\* and nearly 800,000 projects per year across continents. With 90,000 skilled employees, the company delivers expertise in electrical and thermal engineering, HVAC, refrigeration, robotics, energy performance, digital solutions, IT and cybersecurity. Within this ecosystem, the **Corporate Cyber GRC function** provides the foundational governance, risk management, compliance framework, awareness initiatives and third-party oversight that shape the Group’s overall cybersecurity posture.

*(\*) Consolidated turnover, 2024*

YOUR MISSION

As the **Corporate Cyber Third-Party Risk Manager**, you define, maintain and oversee the Group’s cybersecurity framework for supplier risk management. You act as the prescribing authority for TPRM (Third-Party Risk Management) and ensure that entities apply the expected methodology consistently. You support, challenge and, when needed, supervise evaluations for critical suppliers — whether IT, SaaS, operational, or business-critical partners.

Your purpose: to establish a clear, pragmatic and effective Group-wide approach to managing cyber risks coming from third parties, ensuring EQUANS remains resilient despite its complex and global supplier ecosystem.

YOUR RESPONSIBILITIES

1. Governance & Framework Definition

* Define, maintain and evolve the Group TPRM strategy, operational model and processes.
* Establish cybersecurity expectations for all supplier categories (IT, SaaS, OT, business-critical services).
* Maintain and update TPRM deliverables:
  + security questionnaires (SaaS, IT, OT, on-prem, service providers),
  + templates and scoring models,
  + assessment workflows.
* Define and maintain the supplier criticality assessment methodology.
* Ensure alignment with ISO 27001, ISO 27002 and NIS2 obligations (supply-chain security).

2. Supplier Cyber Evaluation & Oversight

* Define the methodology for evaluating supplier cybersecurity posture.
* Supervise or support assessments of critical vendors (SaaS, IT services, cloud, business operators…).
* Review and challenge technical evidence provided by suppliers (policies, certifications, controls, architecture).
* Coordinate the establishment of Security Assurance Plans for critical suppliers.

3. Transversal Stakeholder Coordination

* Work closely with Procurement, Legal, IT, Business Units and Cybersecurity teams.
* Support Legal in integrating the appropriate security clauses and requirements into contracts.
* Support procurement teams in evaluating risks during tendering, onboarding, renewal or renegotiation.
* Align TPRM expectations with regulatory teams, internal auditors and risk management functions.

4. Continuous Improvement & Monitoring

* Monitor supplier risk trends, areas of weakness and recurrent non-conformities.
* Define KPIs and reporting for Group-level TPRM monitoring.
* Support remediation plans with suppliers when gaps are identified.
* Contribute to awareness programs related to supply-chain cyber threats.

YOUR PROFILE

1. Education & Experience

* Bachelor’s or Master’s degree in cybersecurity, IT, engineering, risk management, or equivalent experience.
* Experience in cybersecurity governance, risk management, compliance, audit, procurement security, or supplier assessment.
* Not a technical expert role — but you must be able to read, understand and challenge technical elements (architecture, encryption, IAM, monitoring, certifications…).
* Fluent in English; French if possible; any other language is a plus.

2. Hard skills

* Strong understanding of cybersecurity fundamentals across domains (cloud, networks, IAM, application security…).
* Solid knowledge of ISO 27001 / ISO 27002 and supply-chain security requirements.
* Good understanding of NIS2 — especially obligations related to supplier cybersecurity and cascading risks.
* Ability to analyze supplier cybersecurity maturity and identify gaps.
* Experience with TPRM processes, security questionnaires, evidence review and risk scoring models.
* Ability to design scalable and pragmatic processes, frameworks and governance models for supplier risk management.

3. Soft skills

Professional

* Excellent communication skills across Procurement, Legal, IT, Cyber and Executive stakeholders.
* Negotiation and influencing capabilities in supplier discussions.
* Capacity to design simple, effective and scalable processes and frameworks.
* Strong analytical skills and structured thinking for risk analysis and decision making.

Behaviours & Mindset

* Curious, rigorous, proactive, with the ability to navigate complex environments.
* Comfortable working in an international, multi-entity, multi-maturity context.
* Capable of constructive challenge and confident in defending recommendations.
* Strong sense of ownership, autonomy and initiative.

**Place:** Bucharest, Romania