Cloudflare

Security Third Party Risk Management Specialist

full-time

Posted on:

Location Type: Hybrid

Location: Lisbon • 🇵🇹 Portugal

Job Level

Junior, Mid-Level

About the role

  • Execute vendor security reviews by collecting and analyzing vendor security control documentation and audit reports.
  • Assist in identifying third-party security risks, documenting findings, and recommending risk treatment options.
  • Collaborate with the Contracts & Legal teams to ensure security contract requirements are incorporated into vendor agreements.
  • Support the maintenance of Cloudflare’s vendor master list, ensuring data accuracy and proper classification of critical vendors.
  • Help the team monitor current security events (e.g., zero-day vulnerabilities) and support outreach to vendors to confirm their status and remediation efforts.
  • Gather and prepare evidence of vendor security reviews to support Cloudflare’s security certification audits.
  • Liaise and coordinate with stakeholders across Cloudflare’s Procurement, IT, Contracts, Legal, and Privacy teams to ensure vendor due diligence workflows are completed efficiently.
  • Assist in the ongoing improvement of the vendor security review process, documentation, and tooling.
  • Some travel may be required to engage teammates and stakeholders in San Francisco, Austin, or other global Cloudflare locations.

Requirements

  • 2-5 years working in Security GRC
  • Experience reviewing vendor security documentation including ISO 27001, SOC 2, PCI DSS, and other audit reports
  • Experience identifying security controls gaps, determining risk ratings, and recommending mitigating controls
  • Familiarity with security contract requirements
  • Strong organizational, analytical, and interpersonal skills
  • Self-starter with the ability to work independently with a sense of curiosity

Benefits

  • Health insurance
  • Professional development opportunities

Applicant Tracking System Keywords

Hard skills
vendor security reviews, security control documentation, audit reports, risk treatment options, security certification audits, security controls gaps, risk ratings, mitigating controls, ISO 27001, SOC 2
Soft skills
organizational skills, analytical skills, interpersonal skills, self-starter, independent work, curiosity
Certifications
PCI DSS