DORA Business Analyst - (3rd party software supply chain security domain)

Note:

• Candidates should be based in Belgium, France or The Netherlands.
• 8 days a month on site is mandatory (minimum 4 days in Brussels, the other 4 days could be in another client's location but preferably Brussels).
• The client will accept UK based candidates if they use an accredited umbrella company for this assignment

Main tasks:

• Define the governance for the management activities (RACI, Committees, )
• Participate to the design the data model
• Ensure coordination between the different stakeholders (cascade CISO IT Risk vision, convince where necessary)
• Deploy processes to manage supplier subcontractors in line with DORA & security practices:
• Define process for identification of subcontractor
• Define process & approach to identify the security risks attached to the subcontractors
• Setup monitoring controls, Response plan to address the specific risk that those subcontractors may pose to out company
• Create & ensure maintenance of data repositories to support activity
• Upon existing governance (supplier review meeting), add additional operational follow up with supplier to track/coordinate the activities.

Key skills:

• Proven experience of Process Design & practical experience in documenting process in line with industry best practices (incl. knowledge in relevant methodologies: BPMN)
• Communication & Coordination skills. The project will involve stakeholders across the organization (Supply Chain, CISO, GTS teams). The candidate must be able to quickly understand the priorities and role of each team and to build comprehensive process involving all of them.
• Proven experience in designing IT governance (RACI, Target Operating Model writing). The candidate has also a good knowledge of IT Governance methodologies ( ITITL, COBIT) as well as security governance (eg CISM)
• Communication skills
• The candidate has a previous experience in the financial sector.