Job Description
Role: Senior Third-Party Security Risk Consultant
Contract type: B2B
Work model: Hybrid – 6 days per month in the office in Kraków
Overview
We are looking for a Senior Third-Party Security Risk Consultant to support and enhance cybersecurity risk assessments related to external suppliers and service providers. The role focuses on evaluating, guiding, and improving cyber risk posture across third-party engagements, ensuring security controls are appropriately defined, assessed, and embedded throughout the supplier lifecycle—from selection through onboarding and remediation.
This position sits within a cybersecurity risk and assessment function and plays a key role in ensuring consistent, high-quality security assurance across global supplier relationships. The role combines hands-on risk assessment, advisory responsibilities, and quality assurance of security evaluation outcomes.
Key responsibilities
- Deliver end-to-end third-party cybersecurity risk assessments as part of supplier selection and onboarding processes
- Provide expert guidance on cyber risk exposure, control gaps, and remediation strategies for critical suppliers
- Support the development and evolution of third-party cyber risk consultancy practices within procurement and onboarding workflows
- Collaborate with cybersecurity, risk, procurement, and technology stakeholders in a global environment
- Act as a subject matter expert (SME) for complex supplier-related security assessments
- Perform quality assurance on security assessment outputs to ensure consistency and high standards
- Contribute to the development of frameworks, methodologies, and training materials for third-party risk practices
- Prepare clear and concise reports, updates, and risk summaries for senior stakeholders
- Support audits, regulatory reviews, and internal risk governance activities
- Communicate technical security risks in a clear business context to support decision-making
- Manage multiple assessments and priorities in a fast-paced environment
Requirements
- 5+ years of experience in cybersecurity, risk management, or information security roles
- Strong understanding of risk and control frameworks, including design and assessment of security controls
- Experience in third-party / supplier security risk management or governance
- Ability to translate technical security issues into business risk language
- Experience working in international, cross-functional environments with diverse stakeholders
- Strong communication skills in English (written and verbal)
- Experience engaging with senior stakeholders and influencing decision-making
- Knowledge of cloud security (especially SaaS environments) is highly desirable
- Awareness of AI-related security risks is a plus
- Relevant certifications such as CISSP, CISA, CISM, CRISC, or CCSP are preferred
- Degree in IT, Cybersecurity, or equivalent practical experience
Key competencies
- Strong analytical and problem-solving mindset
- High attention to detail and quality orientation
- Ability to work independently and drive outcomes in complex environments
- Strong stakeholder management and influencing skills
- Proactive, curious approach focused on continuous improvement
- Resilient, adaptable, and comfortable working under pressure
Benefits
- Private medical care (LuxMed package)
- MyBenefit cafeteria platform
- Dedicated Contractor Care support and assistance throughout the engagement