Position Overview: We are seeking a highly skilled Cyber Security Compliance Specialist to support our client in managing and enhancing the cybersecurity compliance of its suppliers and third-party partners. This role is critical for ensuring supplier adherence to cybersecurity standards, particularly in line with the Network and Information Systems (NIS) Directive and Cyber Assessment Framework (CAF) standards. The successful candidate will review and update contractual cybersecurity clauses, perform in-depth assessments of supplier cybersecurity postures, and collaborate with cross-functional teams to implement contractual changes that reduce cybersecurity risks.
Key Responsibilities:
* Review and Update Cyber Security Clauses
  * Regularly review and update standard cybersecurity clauses in all supplier contracts to align with the latest NIS enhanced CAF (eCAF) standards, NIS 2 regulations, and industry best practices.
* Supplier Security Posture Assessment
  * Assess and document the cybersecurity posture of our client's suppliers. Conduct thorough reviews of existing supplier risk assessment reports and supplier contracts to identify any cybersecurity gaps or areas of non-compliance.
* Cybersecurity Gap Analysis and Recommendations
  * Identify and recommend adjustments to supplier contracts to address cybersecurity deficiencies. This includes tailoring recommendations to ensure compliance with the eCAF standards and optimizing cybersecurity measures in the supply chain.
* Contract and SLA Review for Cybersecurity Compliance
  * Evaluate existing contracts and Service Level Agreements (SLAs) to verify that cybersecurity requirements meet eCAF and NIS 2 standards. Recommend and implement updates where necessary to ensure contractual obligations support robust cybersecurity practices.
* Compliance Monitoring and Supplier Review System
  * Design and establish systems and processes to monitor supplier compliance with cybersecurity clauses. Conduct regular audits and reviews of suppliers to ensure continuous adherence to our client's cybersecurity requirements.
* Cross-Functional Collaboration
  * Work closely with third-party vendors, internal risk management, procurement, and legal teams to negotiate and execute cybersecurity-related contractual changes. Provide expertise and support in embedding cybersecurity into all relevant contractual agreements and risk management processes.
Qualifications and Skills:
* Proven experience in cyber security compliance, ideally within a supplier risk management or contract review role.
* Strong knowledge of NIS Directive, NIS 2 regulations, and Cyber Assessment Framework (CAF) requirements.
* Experience working cross-functionally, particularly with risk management, procurement, legal, and third-party stakeholders.
* Excellent communication skills, with the ability to convey technical cybersecurity requirements in a contractual and business context.
* Strong analytical skills for identifying cybersecurity gaps and designing actionable solutions within supplier agreements.