IT Security Engineer ensuring secure data exchange in the insurance industry. Collaborating on technical security tasks and developing security systems with a focus on efficient data management.
About the role
- Join Cloudflare as a Security Third Party Risk Management Specialist. Execute vendor reviews and improve Cloudflare’s Third Party Risk Program in a rapidly scaling security organization.
Responsibilities
- Execute vendor security reviews by collecting and analyzing vendor security control documentation and audit reports.
- Identify third-party security risks, documenting findings, and recommending risk treatment options.
- Determine security contract requirements & communicate these to the Contracts & Legal teams.
- Maintain Cloudflare’s Vendor Master, including our list of Critical vendors.
- Support Cloudflare’s customer-facing and incident response teams by ensuring our vendors are not affected by recent zero-day vulnerabilities or security incidents.
- Support Cloudflare’s security certification audits by providing evidence of vendor security reviews.
- Partner with stakeholders across Cloudflare’s Procurement, IT, Contracts, Legal, and Privacy teams to ensure vendor due diligence is completed efficiently.
- Lead projects to improve the Vendor Security Review process, workflow, and tooling.
- Some travel may be required to engage teammates and stakeholders in San Francisco, Austin, or other global Cloudflare locations.
Requirements
- 5-8 years of experience in Security GRC
- Experience reviewing vendor security documentation including ISO 27001, SOC 2, PCI DSS, and other audit reports
- Experience identifying security controls gaps, determining risk ratings, and recommending mitigating controls
- Familiarity with security contract requirements
- Strong organizational, analytical, and interpersonal skills
- Self-starter with the ability to work independently with a sense of curiosity
Benefits
- Health insurance
- Flexible work arrangements
- Professional development opportunities
- Paid time off
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Location requirements
Cybersecurity Engineer involved in maintaining cybersecurity throughout product life cycles. Working with a skilled team to enhance security measures in critical environments.
Cybersecurity Engineer I at Travelers enhancing network security for cloud - based solutions and zero trust architectures. Collaborating on security controls and protocols across systems.
Network Security Engineer handling L2/L3 configurations, firewall management, and operational documentation. Supporting infrastructure - related projects at Arcatem by Artemys with a focus on team collaboration.
Safety & Security Specialist ensuring safety and security at Ohio’s Hospice facilities. Responding to emergencies, patrolling grounds, and communicating with law enforcement as needed.
Member of Technical Staff specializing in Cloud Security at Wind River. Implementing DevSecOps technologies and securing cloud - native environments.
Cybersecurity Consultant strengthening the Incident Response Team at Conscia. Responsibilities include onboarding, incident management, and reporting for critical security incidents.
Cyber Security Advisor safeguarding client digital environments by addressing cyber risks at Centorrino Technologies in Melbourne and Perth. Ensuring compliance with regulations and effective incident response.
Manage revenue growth across the UK National Security community for AI solutions at Mind Foundry. Lead sales lifecycle from opportunity qualification through contract negotiation and account expansion.
Lead technical design and delivery of Early Warning’s cross - border consumer money movement platform leveraging blockchain and stablecoins. Collaborate across teams to define strategy and architecture for secure and scalable solutions.