KPMG Nederland
Computer And Network Security
IT Third Party & Client Manager
“IT Third Party & Client Manager at KPMG Nederland. Skills: third-party risk management, information security, risk assessment, contract management, stakeholder management. assessing whether external parties with whom KPMG collaborates meet our information security standards, through security assessments, due diligence, and requesting/validating relevant documentation (such as ISO certifications, SOC reports, or pentest results). translating the outcomes of these risk assessments into concrete se”
What You'll Achieve.
ensuring that these requirements are recorded in contracts, DPAs, SLAs, and other binding documents (including follow-up if measures are missing); ensuring that these steps logically connect, without overlap or gaps; ensuring that answers are complete, consistent, and delivered on time; ensuring that security requirements are included and implemented in projects; ensuring that all information security aspects within the third-party risk management process are demonstrably complied with; ensuring that the correct security requirements are included and secured in contracts, SLAs, and other binding documentation; ensuring that answers are correct, complete, and convincingly delivered; ensuring that KPMG only accepts obligations that are actually executable; ensuring that processes run smoothly and security risks are demonstrably managed
Industry & Context.
translating complexity into understandable actions
What They're Looking For.
Must Have
- Five years of demonstrable work experience with performing, assessing, and substantiating risk analyses of external parties, including interpreting security documentation such as ISO certifications, SOC reports, pentest results, or due diligence questionnaires
- Experience with drafting, reviewing, and refining contractual security provisions, such as DPAs, SLAs, processor agreements, and security addenda, and aligning them with the risk profile of the collaboration
- Experience with coordinating client audits and information requests, gathering information from IT, Legal, Procurement, Risk Management, and other teams, and ensuring that answers are complete, timely, and demonstrably correct
- Good understanding of all relevant components of third-party risk management, such as onboarding, risk classification, security requirements, monitoring, annual reviews, exit management, and documentation obligations
- Relevant completed HBO or WO education, such as Risk Management, Cybersecurity, Cybercrime, Information Security Management, or a comparable domain
Nice to Have
Affinity with (generative) AI and motivation to actively apply this technology in daily work
What You'll Do.
- assessing whether external parties with whom KPMG collaborates meet our information security standards, through security assessments, due diligence, and requesting/validating relevant documentation (such as ISO certifications, SOC reports, or pentest results)
- translating the outcomes of these risk assessments into concrete security requirements and ensuring these requirements are recorded in contracts, DPAs, SLAs, and other binding documents (including follow-up if measures are missing)
- structuring the chain of third-party risk management, and ensuring these steps logically connect, without overlap or gaps
- demonstrating to clients and external stakeholders that KPMG has its information security in order, for example by compiling assurance packages (such as ISO certifications, or questionnaires) tailored to the client's request
- coordinating client audits and information requests, gathering input from involved colleagues (such as IT, Legal, Assurance, Procurement, and Risk Management), and ensuring that answers are complete, consistent, and delivered on time
- ensuring that security requirements are included and implemented in projects by reviewing project teams, and verifying that they have been demonstrably executed and are effective
- ensuring that all information security aspects within the third-party risk management process are demonstrably complied with
- refining risk analyses of external parties and applications
- monitoring the depth of analyses and ensuring that the correct security requirements are included and secured in contracts, SLAs, and other binding documentation
- coordinating information requests and audits from clients
- assessing security requirements that clients wish to impose on KPMG before contracts are signed and advising on feasibility, and potential mitigations
- ensuring that KPMG only accepts obligations that are actually executable
- assessing the implementation of information security policy within KPMG services, and internal processes
- and Central Services on the correct application of information security policy
- conducting risk analyses to gain insight into the main risks and measures needed to keep them within KPMG's risk appetite
How You'll Work.
Team & Collaboration
coordinating input from involved colleagues (such as IT, Legal, Assurance, Procurement, and Risk Management); working closely with colleagues from various departments with diverse expertise and responsibilities; ensuring everyone in the chain fulfills their role effectively
Communication Scope
communicatively strong in both Dutch and English; bridging the gap from your field to colleagues in other disciplines; explaining complex matters in understandable and convincing language
Process & Methodology
process management, cross-functional coordination, vendor/stakeholder management, resource planning
How to Apply on SmartRecruiters
- SmartRecruiters often includes a video screening step — check camera and mic permissions.
- Link your GitHub or portfolio directly in the profile section for technical roles.
- Applications may be reviewed by AI scoring before reaching a recruiter — use keywords from the job description.