Senior Security Engineer leading security initiatives to protect customer data at an AI - native legal tech company. Collaborating across functions to ensure compliance and security best practices.
About the role
- Security Third Party Risk Management Specialist managing vendor security reviews and risks at Cloudflare. Collaborating across teams to support third party risk management in a hybrid work environment.
Responsibilities
- Execute vendor security reviews by collecting and analyzing vendor security control documentation and audit reports.
- Assist in identifying third-party security risks, documenting findings, and recommending risk treatment options.
- Collaborate with the Contracts & Legal teams to ensure security contract requirements are incorporated into vendor agreements.
- Support the maintenance of Cloudflare’s vendor master list, ensuring data accuracy and proper classification of critical vendors.
- Help the team monitor current security events (e.g., zero-day vulnerabilities) and support outreach to vendors to confirm their status and remediation efforts.
- Gather and prepare evidence of vendor security reviews to support Cloudflare’s security certification audits.
- Liaise and coordinate with stakeholders across Cloudflare’s Procurement, IT, Contracts, Legal, and Privacy teams to ensure vendor due diligence workflows are completed efficiently.
- Assist in the ongoing improvement of the vendor security review process, documentation, and tooling.
- Some travel may be required to engage teammates and stakeholders in San Francisco, Austin, or other global Cloudflare locations.
Requirements
- 2-5 years working in Security GRC
- Experience reviewing vendor security documentation including ISO 27001, SOC 2, PCI DSS, and other audit reports
- Experience identifying security controls gaps, determining risk ratings, and recommending mitigating controls
- Familiarity with security contract requirements
- Strong organizational, analytical, and interpersonal skills
- Self-starter with the ability to work independently with a sense of curiosity
Benefits
- Health insurance
- Professional development opportunities
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Location requirements
Working Student in Information Security at Allianz Direct supporting security monitoring and managing vulnerability assessments. Collaborating with cross - functional teams to enhance cybersecurity posture and awareness.
Enterprise Security Implementation Specialist at Vodafone supporting customers in implementing security solutions. Responsibilities include onboarding, incident management, and ensuring service quality with Fortinet and Zscaler products.
Cyber Security Specialist at Vodafone responsible for shaping and deploying security measures. Collaborating with business, IT, and Network teams as a trusted security partner.
Manager at PwC contributing to digital transformation in Utilities through technology consulting and stakeholder management. Focused on creating strategies and providing technology solutions in a data - driven world.
Research Associate conducting advanced research in iOS security within a leading institute for applied cybersecurity. Emphasis on secure application development and vulnerability analysis.
Cybersecurity Engineer focused on threat monitoring and incident response for Verizon's network security. Collaborating on security architecture and vulnerability management across multiple locations.
Senior Manager of Application Security leading initiatives to protect applications at Nordstrom through strategic leadership and AI - driven tooling. Collaborating with engineering to ensure secure software development practices.
Information Security Engineer responsible for deploying and supporting security tools across cloud and on - premise systems. Collaborating with IT to mitigate security risks in a hybrid work environment.
Casual Retail Security Officer for MSS Security ensuring safety at Tweed Mall in Tweed Heads. Responsible for patrols, incident response, and customer service.