Information Security Officer - Team Customer & Suppliers

As Information Security Officer (Third-Party Risk Management) you are responsible for managing and strengthening PostNL's security posture across suppliers and customer-facing partnerships. You combine cybersecurity expertise with stakeholder management skills, ensuring that third-party risks are identified, assessed and mitigated in a structured and pragmatic way. You assess security risks within supplier landscapes, evaluate compliance with PostNL security standards and relevant legislation (e.g. NIS2, GDPR), and advise internal stakeholders on required risk treatment measures. You act as a key partner for procurement, legal, vendor management and IT teams, ensuring that security is embedded in onboarding, contracting and lifecycle management of third parties.

Uitdagingen

Within the Cyber Security Office (CSO), you are part of the Customer & Suppliers domain. This domain focuses on managing cyber risks that arise from external parties and strategic partnerships.

As TRPM-focused ISO You Will

• Perform third-party security risk assessments (due diligence, onboarding and periodic reassessments).
• Evaluate supplier compliance against ISO27001, NIST CSF and PostNL internal policies.
• Define and monitor mitigation plans together with business owners and suppliers.
• Advise on contractual security clauses and minimum control requirements.
• Support audits and evidence gathering related to supplier security.
• Contribute to improving the Third-Party Risk Management framework and tooling.
• Act as sparring partner for senior stakeholders in Procurement, Legal and IT.
  
  

You ensure the right balance between risk mitigation, regulatory compliance and operational feasibility. You understand that suppliers are critical to PostNL’s operations and that security must enable — not block — business continuity.

Je verantwoordelijkheden

• Strategic impact: Third-party risk is high on the board agenda. Your work directly contributes to resilience and compliance.
• Complex stakeholder landscape: You operate at the intersection of IT, business, legal and suppliers.
• Maturity growth: You contribute to further professionalizing TRPM within a large, regulated organization.
• Visibility: You interact with senior management and external strategic partners.
• Development: Opportunity to deepen expertise in regulatory frameworks (NIS2, DORA-like principles, supply chain security).
  
  

Wat breng jij mee?

• Bachelor or Master degree in IT, Cybersecurity, Risk Management or Business Administration.
• 3–6+ years of relevant experience in Information Security or Third-Party Risk Management.
• Experience with supplier risk assessments and vendor security governance.
• Strong knowledge of ISO27001, NIST CSF, CIS Controls and audit processes.
• Understanding of NIS2, GDPR and supply chain risk requirements.
• Strong stakeholder management and negotiation skills.
• Ability to operate independently at medior/senior level.
• Relevant certifications (CISSP, CISM, CRISC, CISA) are considered a plus.
  
  

Wat bezorgen we jou?

We support our people with a motivating work environment and enthusiastic colleagues, a commitment to promoting from within and a belief that every employee deserves a productive life outside of work.

• This position is on scale 11/12 (between € 4.588,- and € 7.559,- a month), depending on experience.
• Full-time working week of 37 hours.
• 8% holiday pay and 25 holiday days (full-time).
• Flexible working hours to support work/life balance.
• Hybrid working model from home and from our head office next to Den Haag – Hollands Spoor station.
• NS Business Card for business travel and commuting.
• Collective health insurance and pension via the PostNL pension fund.
• Strong internal training and development opportunities.