Job Description
Third Party Security Assessor

The role:

Interested in the Mission of Our Third Party Inspect and Control Team? Well, here is some information:

TPSICT enables business and IT in the realization of their objectives by providing guidance and coaching in the process of selection, management and control of Third Party (IT) Services. TPS also enables KBC to ensure maximum leverage of opportunities, while remaining compliant and keeping risks under control.
 
As our Third Party Security Assessor, you would have the following responsibilities:
 
•    Ensuring that customers can use our services securely. Colleagues trust your advice on vendor assessments.
•    Reviewing vendor self-assessment questionnaires (Standard Information Gathering questionnaires) and provided evidence to confirm (or not) the self-assessment of the vendor.
•    Interpreting evidence provided by the vendor as part of the self-assessment.
•    Interpreting reports of security scans.
•    Drafting a Vendor Information Security Report and discussing it with the stakeholders ((B)ISO, Management).
•    Reviewing the vendor self-assessment in the pre-contract phase and via periodic reassessments. This way KBC will be able to anticipate threats, retain our customers' trust in our services and continue to innovate in a safe manner.
•    Reviewing and interpreting independent audit reports, including SOC 1/SOC 2 reports, ISO 27001 certification packages, and penetration test results, ensuring compliance with KBC and regulatory (e.g., DORA) expectations.


Key competences that will help you succeed:
 
•    At least 3 years of professional experience in cyber security.
•    Ability to talk to and understand both the Board level and the IT engineers
•    Good quality diagnosis of the ‘as is’ situation
•    Convincing and leading in presenting a risk-controlled and workable ‘to be’ situation
•    Prior experience in IT audit, internal audit, or assurance, particularly evidence-based control evaluation
 
You are a perfect fit for us if:
 
•    You have strong analytical and synthesizing skills
•    You have strong communication skills
•    You are comfortable working with internationally recognized frameworks such as ISO 27001/27002, SOC 1/2, NIST, or CIS controls.
•    You enjoy diving into technical evidence, identifying control gaps, and transforming findings into clear, actionable risk insights.
•    You hold or are working toward professional certifications such as CISSP, CISA, ISO 27001 Lead Auditor/Implementer, CRISC, or other recognized security and audit certifications.
 
If you find this job opportunity interesting and you recognize yourself in the above, apply via the button with your CV in English. 

Recruiter Name

Zlatina Ivelinova Petrova

Contract Type:  Permanent
Functional Area:  Others
Job Location (Short): 
Company:  KBC Global Services Bulgaria Branch
Business Unit:  KBC GSBG SOURCING SERVICES II
Team:  KBS GSBG TPSICT
Req ID:  90035