Magnet.me - The smart network where students and professionals find their internship or job.

Information Security Officer - Team Suppliers & Customers

Posted 3 Mar 2026
Work experience: 3 to 10 years
Full-time / part-time: Full-time
Position
Salary: € 4.588 - € 7.559 per month
Education level
Language requirements: English (Fluent), Dutch (Fluent)

Posted on 24 February 2026

As Information Security Officer (Third-Party Risk Management) you are responsible for managing and strengthening PostNL's security posture across suppliers and customer-facing partnerships. You combine cybersecurity expertise with stakeholder management skills, ensuring that third-party risks are identified, assessed and mitigated in a structured and pragmatic way. You assess security risks within supplier landscapes, evaluate compliance with PostNL security standards and relevant legislation (e.g. NIS2, GDPR), and advise internal stakeholders on required risk treatment measures. You act as a key partner for procurement, legal, vendor management and IT teams, ensuring that security is embedded in onboarding, contracting and lifecycle management of third parties.

Why you choose PostNL as Information Security Officer - Team Suppliers & Customers

  • Strategic impact: Third-party risk is high on the board agenda. Your work directly contributes to resilience and compliance.
  • Complex stakeholder landscape: You operate at the intersection of IT, business, legal and suppliers.
  • Maturity growth: You contribute to further professionalizing TRPM within a large, regulated organization.
  • Visibility: You interact with senior management and external strategic partners.
  • Development: Opportunity to deepen expertise in regulatory frameworks (NIS2, DORA-like principles, supply chain security).

This is your role

Within the Cyber Security Office (CSO), you are part of the Suppliers & Customers domain. This domain focuses on managing cyber risks that arise from external parties and strategic partnerships.

As TRPM-focused ISO you will:

  • Perform third-party security risk assessments (due diligence, onboarding and periodic reassessments).
  • Evaluate supplier compliance against ISO27001, NIST CSF and PostNL internal policies.
  • Define and monitor mitigation plans together with business owners and suppliers.
  • Advise on contractual security clauses and minimum control requirements.
  • Support audits and evidence gathering related to supplier security.
  • Contribute to improving the Third-Party Risk Management framework and tooling.
  • Act as sparring partner for senior stakeholders in Procurement, Legal and IT.

You ensure the right balance between risk mitigation, regulatory compliance and operational feasibility. You understand that suppliers are critical to PostNL’s operations and that security must enable — not block — business continuity.

Your colleagues

You are part of the Suppliers & Customers domain, collaborating closely with:

  • DevOps teams across business units
  • Cloud platform teams
  • Enterprise and solution architects
  • Business Information Security Officers
  • Privacy and Data Governance teams

You play a key role in increasing the information security maturity of suppliers, collaborate with customers, and manage third-party risks across the supply chain.

Where you will work

We are PostNL. And together with you, we remain the favourite delivery company. Every day we make 1.2 million people happy by delivering special moments. We can only make that possible thanks to you and our team.

What we deliver to you

We support our people with a motivating work environment and enthusiastic colleagues, a commitment to promoting from within and a belief that every employee deserves a productive life outside of work.

  • This position is on scale 11/12 (between € 4.588,- and € 7.559,- a month), depending on experience.
  • 8% holiday pay and 25 holiday days (full-time).
  • Flexible working hours to support work/life balance.
  • Hybrid working model from home and from our head office next to Den Haag – Hollands Spoor station.
  • NS Business Card for business travel and commuting.
  • Collective health insurance and pension via the PostNL pension fund.
  • Strong internal training and development opportunities.

What you bring

  • Bachelor or Master degree in IT, Cybersecurity, Risk Management or Business Administration.
  • 3–6+ years of relevant experience in Information Security or Third-Party Risk Management.
  • Experience with supplier risk assessments and vendor security governance.
  • Strong knowledge of ISO27001, NIST CSF, CIS Controls and audit processes.
  • Understanding of NIS2, GDPR and supply chain risk requirements.
  • Strong stakeholder management and negotiation skills.
  • Ability to operate independently at medior/senior level.
  • Relevant certifications (CISSP, CISM, CRISC, CISA) are considered a plus.

We do a background check during the application. We hereby ask you for a Certificate of Good Conduct (VOG).

We will also check your references and may conduct a tailor-made investigation.

At PostNL you make an important contribution to our mission: keeping the Netherlands running. Every day we deliver millions of letters and parcels, and we are the logistics partner of many well-known online retailers. We come up with smart ideas and solutions that genuinely help people and businesses. Now and in the future.

Transport & Logistics
Den Haag
Active in 190 countries
40,541 employees
50% men - 50% women
Average age 31