Cybersecurity Expert leading the establishment of a FedRAMP - compliant SOC at Philips, a health technology company, while managing various cybersecurity initiatives.
About the role
- Join Cloudflare as a Security Third Party Risk Management Specialist. Execute vendor reviews and improve Cloudflare’s Third Party Risk Program in a rapidly scaling security organization.
Responsibilities
- Execute vendor security reviews by collecting and analyzing vendor security control documentation and audit reports.
- Identify third-party security risks, documenting findings, and recommending risk treatment options.
- Determine security contract requirements & communicate these to the Contracts & Legal teams.
- Maintain Cloudflare’s Vendor Master, including our list of Critical vendors.
- Support Cloudflare’s customer-facing and incident response teams by ensuring our vendors are not affected by recent zero-day vulnerabilities or security incidents.
- Support Cloudflare’s security certification audits by providing evidence of vendor security reviews.
- Partner with stakeholders across Cloudflare’s Procurement, IT, Contracts, Legal, and Privacy teams to ensure vendor due diligence is completed efficiently.
- Lead projects to improve the Vendor Security Review process, workflow, and tooling.
- Some travel may be required to engage teammates and stakeholders in San Francisco, Austin, or other global Cloudflare locations.
Requirements
- 5-8 years of experience in Security GRC
- Experience reviewing vendor security documentation including ISO 27001, SOC 2, PCI DSS, and other audit reports
- Experience identifying security controls gaps, determining risk ratings, and recommending mitigating controls
- Familiarity with security contract requirements
- Strong organizational, analytical, and interpersonal skills
- Self-starter with the ability to work independently with a sense of curiosity
Benefits
- Health insurance
- Flexible work arrangements
- Professional development opportunities
- Paid time off
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Location requirements
Cybersecurity Engineer developing cloud - based security architectures for critical DoD systems. Responsible for securing cloud infrastructure and automating security processes in innovative technology environments.
Automotive Cybersecurity Engineer supporting client projects at Expleo. Working with emerging technologies in a dynamic environment.
Technical Program Manager leading strategic cloud security initiatives for global enterprises. Orchestrating diverse teams and delivering innovative products to protect critical data and infrastructure.
Senior Information System Security Manager leading cybersecurity efforts for Boeing's defense initiatives. Overseeing compliance, risk management, and a large systems portfolio.
Mid - Level Information Security & Governance Specialist at Boeing ensuring NASA program compliance with cybersecurity expectations. Engage with Information System Owners and conduct assessments as needed.
Security Manager leading security initiatives and projects for Uniper in Düsseldorf. Collaborating across departments to improve security processes and compliance with regulations.
Staff Offensive Security Engineer at Greenlight, leading offensive security strategies and vulnerability assessments. Collaborating with teams to enhance security measures and ensure safe banking for families.
Join NVISO as a Cloud Security Consultant (Jr.) focusing on Azure/Microsoft 365 security solutions. Collaborate to understand and address cyber security requirements for clients.
Information Security Officer responsible for managing company cybersecurity and compliance. Developing security strategies and processes within an IT service provider for the food and beverage industry.