As Manager of Security Third Party Risk Management at Cloudflare, you will oversee the third party risk management program, lead vendor security assessments, manage contract negotiations, and grow a distributed team of specialists while collaborating with various internal teams.
The Team
We are looking to hire an experienced manager for our Third Party Risk Program on our Security Governance, Risk, and Compliance team. This role will be responsible for managing a team of third party risk specialists, overseeing vendor & data center security reviews, and maturing our third party risk program & tooling.
What you'll do
- Own and manage our third party risk management program controls including vendor risk assessments, security contract terms, and continuous monitoring.
- Determine strategy for assessing and tiering Cloudflare vendors based on security impact.
- Lead Cloudflare's vendor risk assessment process by setting security policies and standards for various types of vendor engagements.
- Ensure that vendors are assessed in accordance with Cloudflare's security policies and standards.
- Support negotiation of security contract terms with vendors by maintaining guidance for Contracts/Legal teams and addressing contract escalations.
- Manage risk findings and policy exceptions identified through the vendor assessments by assessing risk, compensating controls, and determining acceptable risk thresholds.
- Partner with Sourcing, Contracts, Legal, Privacy, and Security teams to support Cloudflare's vendor lifecycle including onboarding, implementation, monitoring, and offboarding.
- Support the design and implementation of a new Procurement tool.
- Manage, engage, and grow a distributed team of Third Party Risk Management Specialists.
- Travel as needed to engage teammates, stakeholders, and vendors in San Francisco, Austin, or other global Cloudflare locations.
Examples of desirable skills, knowledge and experience
- Experience typically gained in 5-8 years working in Security GRC
- Experience managing a third party risk program
- Experience managing a team of GRC specialists
- Solid understanding of security contract terms
- Strong leader and business partner
- Strong organizational, analytical, and interpersonal skills
Similar Jobs at Cloudflare
Cloud • Information Technology • Security • Software • Cybersecurity
The Sourcing Category Manager for Marketing & Corporate Services will lead the development and execution of sourcing strategies, manage supplier relationships, and negotiate complex contracts to deliver savings and value. This role requires strong analytical skills and the ability to communicate effectively with stakeholders and executives.
Cloud • Information Technology • Security • Software • Cybersecurity
The Administrative Assistant will support the Area Vice President by managing calendars, coordinating travel, preparing expense reports, organizing meetings, and assisting with special projects and event planning.
Cloud • Information Technology • Security • Software • Cybersecurity
The Procure to Pay Global Process Owner will optimize and standardize global procure to pay processes, working closely with stakeholders to align strategies, document procedures, drive improvements, and ensure compliance while fostering a culture of continuous improvement through training and communication.
What you need to know about the Ottawa Tech Scene
The capital city of Canada and the nation's fourth-largest urban area, Ottawa has proven a rapidly growing global tech hub. With over 1,800 tech companies, many of which are leaders in their sectors, the city's tech talent now makes up more than 13 percent of its total workforce. This growth is driven not only by the big players like UL Solutions and Dropbox, but also by a thriving startup ecosystem, as new businesses emerge to follow in the footsteps of those that came before them.
