Business Analyst – 3rd Party Software Supply Chain Security

Programme & Project Management Jobs

Europe Contract / 12 months €500 - €900 per day

Business Analyst – 3rd Party Software Supply Chain Security, DORA, RISK, Security

Duration: 12 months, with potential for extension.

Rate: 500 - 800 per day

Eligibility: Candidates must be based in a country where the organisation has offices – Belgium, France, Netherlands, or the UK.

Important: UK-based candidates will only be considered if engaged via an accredited umbrella company.

On-site requirement: Minimum 8 days per month on site, including 8-10 days per year in Brussels for project workshops and key governance meetings.

About the Project

This project aims to strengthen the organisation’s software supply chain security and ensure that all third-party providers – both on-premise and SaaS – comply with the organisation’s security standards and regulatory obligations under the Digital Operational Resilience Act (DORA).

The initiative will deliver new capabilities to manage and monitor security risks linked to external software suppliers, focusing on:

  • Ensuring supplier-developed or maintained software follows secure development practices.
  • Building and maintaining an inventory of software components and open-source libraries.
  • Identifying and managing vulnerabilities within supplier-delivered software.
  • Defining and coordinating incident response procedures when third parties are involved.
  • Establishing governance, reporting, and monitoring for supplier and subcontractor security.

Role Purpose

As a Business Analyst, you will contribute to the design and implementation of new governance, processes, and data models that enable the operational management of software supply chain security.

You will collaborate across Cybersecurity, IT Risk, Supply Chain, and IT Operations to design practical, sustainable processes that ensure supplier software is securely developed, maintained, and monitored.

Key Responsibilities

  • Contribute to the design of the 3rd Party Software Supply Chain Security framework (Q4 2025) and support its deployment during 2026.
  • Define governance and operating structures (RACI, committees, reporting lines) for supplier software security management.
  • Design and document processes for supplier and subcontractor risk management, aligned with DORA and internal security requirements.
  • Develop and validate the supporting data model for mapping suppliers, software, and open-source components.
  • Coordinate stakeholders across multiple divisions to align on scope, priorities, and execution.
  • Define monitoring and reporting requirements, including dashboards, KPIs, and operational follow-up mechanisms.
  • Support the design of incident response procedures involving third-party security events.
  • Ensure integration of new processes into existing supplier governance and review structures.

Required Skills & Experience

Essential:

  • Strong experience in process design, documentation, and improvement using methodologies such as BPMN.
  • Proven experience designing IT governance frameworks (RACI, Target Operating Model, ITIL, COBIT).
  • Knowledge of security governance and risk management frameworks (CISM, ISO 27001, or equivalent).
  • Strong stakeholder management, coordination, and communication skills.
  • Ability to balance security, operational efficiency, and regulatory compliance in process design.
  • Experience within a regulated environment, ideally in financial services or critical infrastructure.

Desirable:

  • Understanding of software supply chain security, including SBOMs, vulnerability scanning, and dependency management.
  • Experience working on DORA compliance or similar regulatory frameworks.
  • Prior involvement in cross-functional cybersecurity or IT risk transformation projects.

Please send an up-to-date CV to eobiechefu@welovesalt.com

*Rates depend on experience and client requirements

Job Information

Job Reference: JO-2510-356776
Salary: €500 - €900 per day
Salary per: day
Job Duration: 12 months
Job Start Date: ASAP
Job Industries: Programme & Project Management Jobs, Senior Appointments Technology
Job Locations: Europe
Job Types: Contract
