Manager, Security Third Party Risk Management

The Team
We are looking to hire an experienced manager for our Third Party Risk Program on our Security Governance, Risk, and Compliance team. This role will be responsible for managing a team of third party risk specialists, overseeing vendor & data center security reviews, and maturing our third party risk program & tooling.
What you'll do

• Own and manage our third party risk management program controls including vendor risk assessments, security contract terms, and continuous monitoring.
• Determine strategy for assessing and tiering Cloudflare vendors based on security impact.
• Lead Cloudflare's vendor risk assessment process by setting security policies and standards for various types of vendor engagements.
• Ensure that vendors are assessed in accordance with Cloudflare's security policies and standards.
• Support negotiation of security contract terms with vendors by maintaining guidance for Contracts/Legal teams and addressing contract escalations.
• Manage risk findings and policy exceptions identified through the vendor assessments by assessing risk, compensating controls, and determining acceptable risk thresholds.
• Partner with Sourcing, Contracts, Legal, Privacy, and Security teams to support Cloudflare's vendor lifecycle including onboarding, implementation, monitoring, and offboarding.
• Support the design and implementation of a new Procurement tool.
• Manage, engage, and grow a distributed team of Third Party Risk Management Specialists.
• Travel as needed to engage teammates, stakeholders, and vendors in San Francisco, Austin, or other global Cloudflare locations.

Examples of desirable skills, knowledge and experience

• Experience typically gained in 5-8 years working in Security GRC
• Experience managing a third party risk program
• Experience managing a team of GRC specialists
• Solid understanding of security contract terms
• Strong leader and business partner
• Strong organizational, analytical, and interpersonal skills