Mission Overview:
Keystone Solutions is seeking a skilled Business Analyst to contribute to a consultancy mission focused on enhancing third-party software supply chain security for our client. The successful candidate will be instrumental in both the design phase of the project set for Q4 2025 and the deployment of the defined strategies in 2026.
Project Scope:
This project aims to establish new capabilities to manage security where software suppliers are involved. Specifically, the tasks will include:
- For suppliers providing on-premises software to our client, the establishment of processes to ensure:
  - Compliance with security practices during the development and maintenance of the software.
  - Inventory management of libraries, including open source, used in software development.
  - Identification and management of vulnerabilities associated with the software and libraries.
- For suppliers providing SaaS applications, ensuring:
  - Adherence to our client's security practices during software development, hosting, and maintenance.
  - Inventory management of libraries utilized in software development.
  - Identification and management of vulnerabilities in relation to the software and libraries.
- Defining and coordinating the implementation and maintenance of dedicated reporting to support these activities:
  - Mapping third parties to software.
  - Mapping third parties to cloud services.
  - Creating mappings for each software to libraries.
- Reviewing alert and incident response procedures involving third parties and establishing response mechanisms when incidents occur.
- Deploying processes to manage supplier subcontractors according to DORA and security practices, including:
  - Defining processes for identification of subcontractors.
  - Evaluating security risks associated with subcontractors.
  - Establishing monitoring controls and response plans to address specific risks posed by subcontractors.
- Creating and maintaining data repositories to support activities.
- Enhancing existing governance through operational follow-ups with suppliers to track and coordinate activities.
Key Responsibilities:
The selected candidate will be responsible for:
- Defining governance for the management of the outlined activities (RACI, committees).
- Clarifying the scope of activities to ensure a balance between cost-effectiveness and risk management.
- Designing processes to effectively organize these activities.
- Participating in the design of the data model to support these activities.
- Ensuring coordination among the various stakeholders, effectively communicating the CISO IT Risk vision, and persuading stakeholders when necessary.
Key Skills:
- Demonstrated experience in process design and the ability to document processes in line with industry best practices, including relevant methodologies such as BPMN.
- Strong communication and coordination skills, with the ability to engage stakeholders across the organization, including Supply Chain, CISO, and GTS teams.
- Proven experience in designing IT governance frameworks (RACI, target operating model), with knowledge of IT governance methodologies (ITIL, COBIT) and security governance (CISM).
- Excellent communication abilities.
- Experience in the financial sector is preferred, with prior experience at our client being a plus.
If you are ready to tackle technical and strategic challenges in a dynamic consultancy environment, apply today.