Information Security Analyst implementing risk management in a global enterprise. Collaborating across teams to enhance security and compliance operations in a fast - paced environment.
About the role
- Join Cloudflare as a Security Third Party Risk Management Specialist. Execute vendor reviews and improve Cloudflare’s Third Party Risk Program in a rapidly scaling security organization.
Responsibilities
- Execute vendor security reviews by collecting and analyzing vendor security control documentation and audit reports.
- Identify third-party security risks, documenting findings, and recommending risk treatment options.
- Determine security contract requirements & communicate these to the Contracts & Legal teams.
- Maintain Cloudflare’s Vendor Master, including our list of Critical vendors.
- Support Cloudflare’s customer-facing and incident response teams by ensuring our vendors are not affected by recent zero-day vulnerabilities or security incidents.
- Support Cloudflare’s security certification audits by providing evidence of vendor security reviews.
- Partner with stakeholders across Cloudflare’s Procurement, IT, Contracts, Legal, and Privacy teams to ensure vendor due diligence is completed efficiently.
- Lead projects to improve the Vendor Security Review process, workflow, and tooling.
- Some travel may be required to engage teammates and stakeholders in San Francisco, Austin, or other global Cloudflare locations.
Requirements
- 5-8 years of experience in Security GRC
- Experience reviewing vendor security documentation including ISO 27001, SOC 2, PCI DSS, and other audit reports
- Experience identifying security controls gaps, determining risk ratings, and recommending mitigating controls
- Familiarity with security contract requirements
- Strong organizational, analytical, and interpersonal skills
- Self-starter with the ability to work independently with a sense of curiosity
Benefits
- Health insurance
- Flexible work arrangements
- Professional development opportunities
- Paid time off
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Location requirements
Nuclear Security Consultant leading protective security projects at Frazer - Nash. Delivering security solutions against nuclear threats while collaborating with clients and internal teams.
Security Officer responsible for protecting, securing, and promoting safety at Memorial Hermann Hospital. Monitoring designated areas and responding to security emergencies, adhering to all policies and procedures.
Client Support Advisor delivering face - to - face service to clients in Scottish Borders. Helping them understand and access benefits with tailored one - to - one support.
Staff Security Architect defining and implementing secure architectures at Yum! Brands supporting global EMEA initiatives.
DevSecOps engineer ensuring security practices in software development lifecycle at Ford. Collaborating with teams and implementing secure coding practices.
Senior IT Security Engineer protecting IT Security platforms for one of the largest e - commerce sites in the U.S. Designing and managing security solutions to ensure network safety.
Cybersecurity Engineer supporting a critical U.S. Navy program enhancing national security and operational readiness. Designing and implementing secure system architectures for Navy combat systems and environments.
CyberSecurity Team Lead overseeing vulnerability management and security integration for Mistral's AI solutions. Collaborating with teams to enhance security posture and protect infrastructure.
Information Security Awareness Associate developing engaging security awareness content for employees at RS Group. Supporting awareness campaigns and coordinating security communications.