Third Party Security Analyst

MSIG Europe

Hybrid | Mid Level | 1w ago

About the role

Within the 2nd line Information Security team of MSIG Europe SE, we are looking for an enthusiastic professional with technological and third-party risk management skills. The CISO-Office was established as of 1 July 2025. This role provides a great opportunity if you get energy from further maturing processes in all areas of third-party cyber risk management. The role has a European-wide scope.

The 2nd line Information Security team consists of six individuals: the Chief Information Security Officer and five Information Security Officers. The team is part of the wider Risk, Compliance and Actuarial Second Line teams (around 25 team members) who all report into the Chief Risk Officer.

Responsibilities

On a day-to-day basis, you will:

  • Act as a key point of contact for third-party cyber risk matters with procurement, legal, IT, privacy, and business stakeholders.
  • Conduct cyber risk assessments of third parties, vendors, suppliers, and partners across the full lifecycle (onboarding, periodic review, offboarding).
  • Evaluate third-party security controls, policies, and practices using questionnaires, evidence reviews, and risk rating methodologies.
  • Review and analyse third-party certifications and reports (e.g., ISO 27001, SOC 1/2).
  • Define and track risk mitigation plans, remediation actions, and control improvements with vendors and internal stakeholders.
  • Engage with vendors to clarify security requirements, validate controls, and drive remediation efforts.
  • Support risk acceptance, escalation, and exception processes in line with organizational risk appetite.
  • Participate in incident response, root cause analysis, and lessons-learned activities related to vendor breaches.
  • Perform ongoing monitoring of third-party cyber risks using internal tools and external intelligence sources.
  • Track key risk indicators (KRIs) and produce dashboards, metrics, and reports for management and governance forums.
  • Maintain accurate records of assessments, findings, and remediation status.
  • Identify opportunities to automate or streamline third-party cyber risk processes and tooling.

Who are we looking for?

  • Bachelor’s or Master’s degree in Cybersecurity, Information Technology, Information Security, Risk Management, or a related field.
  • Relevant certifications preferred, such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, or Third-Party Risk Management certifications.
  • Proven experience in third-party/vendor risk management, cybersecurity risk assessments, or IT risk management.
  • Strong knowledge of third-party cybersecurity principles, risk management, and compliance (e.g., ISO 27001, NIST, Solvency II, DORA, GDPR) and the ability to support compliance initiatives.
  • Technical understanding of enterprise IT environments, including networks, endpoints, identity and access management, and cloud platforms (especially Azure).
  • Experience leading third-party security risk assessments, threat modelling, and internal/external audit engagements.
  • Experience using third-party risk management platforms.
  • Ability to analyse and interpret security reports, audit findings, and technical evidence.
  • Strong stakeholder management and communication skills, and ability to collaborate with cross-functional teams.
  • A drive to continuously seek process improvements and increase efficiency.
  • Proficient in English; fluency in Dutch, German, and/or French is a plus.
  • Appetite for occasional travel, given the European-wide scope of the Information Security team.

What You Can Expect From Us

  • Competitive salary and benefit package.
  • Ongoing training and professional development opportunities.
  • Collaborative and supportive team environment.
  • Flexible working policy.

About Us

Grounded in a long-term vision inspired by Japanese values of respect and care, MSIG Europe SE is a P&C and Marine insurer specialized in commercial and industrial risk coverage solutions. In an uncertain world, we believe trust is built through consistency, care, and genuine collaboration. At MSIG Europe, we take the time to understand our clients’ needs and shape pragmatic solutions that truly protect their business. Guided by a people-first vision rooted in our Japanese heritage, we’re here to build lasting relationships — grounded in trust, every day. MSIG Europe is part of the top 10 global insurance provider MS&AD and has a long-standing legacy of providing insurance solutions to companies of all sizes around the world. We understand and calculate risks to protect businesses and help mitigate the inevitable and varied challenges. Headquartered in Brussels, Belgium, MSIG Europe operates from Belgium, France, Germany, Italy, the Netherlands, Slovakia, Spain, and the UK.

Skills

Azure, CISSP, CISM, CRISC, DORA, GDPR, Information Security, Information Technology, ISO 27001, NIST, Risk Management, Solvency II, Third-Party Risk Management
