Manager, Security Third Party Risk Management

Manager, Security Third Party Risk Management

Hybrid

About Us

At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world's largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code.

The Team

We are looking to hire an experienced manager for our Third Party Risk Program on our Security Governance, Risk, and Compliance team. This role will be responsible for managing a team of third party risk specialists, overseeing vendor & data center security reviews, and maturing our third party risk program & tooling.

What you'll do

• Own and manage our third party risk management program controls including vendor risk assessments, security contract terms, and continuous monitoring.
• Determine strategy for assessing and tiering Cloudflare vendors based on security impact.
• Lead Cloudflare's vendor risk assessment process by setting security policies and standards for various types of vendor engagements.
• Ensure that vendors are assessed in accordance with Cloudflare's security policies and standards.
• Support negotiation of security contract terms with vendors by maintaining guidance for Contracts/Legal teams and addressing contract escalations.
• Manage risk findings and policy exceptions identified through the vendor assessments by assessing risk, compensating controls, and determining acceptable risk thresholds.
• Partner with Sourcing, Contracts, Legal, Privacy, and Security teams to support Cloudflare's vendor lifecycle including onboarding, implementation, monitoring, and offboarding.
• Support the design and implementation of a new Procurement tool.
• Manage, engage, and grow a distributed team of Third Party Risk Management Specialists.
• Travel as needed to engage teammates, stakeholders, and vendors in San Francisco, Austin, or other global Cloudflare locations.

Examples of desirable skills, knowledge and experience

• Experience typically gained in 5-8 years working in Security GRC
• Experience managing a third party risk program
• Experience managing a team of GRC specialists
• Solid understanding of security contract terms
• Strong leader and business partner
• Strong organizational, analytical, and interpersonal skills

Sound like something you'd like to be a part of? We'd love to hear from you!

This position may require access to information protected under U.S. export control laws, including the U.S. Export Administration Regulations. Please note that any offer of employment may be conditioned on your authorization to receive software or technology controlled under these U.S. export laws without sponsorship for an export license.

Cloudflare is proud to be an equal opportunity employer. We are committed to providing equal employment opportunity for all people and place great value in both diversity and inclusiveness. All qualified applicants will be considered for employment without regard to their, or any other person's, perceived or actual race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law. We are an AA/Veterans/Disabled Employer.

Cloudflare provides reasonable accommodations to qualified individuals with disabilities. Please tell us if you require a reasonable accommodation to apply for a job.

Apply for this job

indicates a required field