Manager, Third Party Risk Management (Remote)
About the role
CrowdStrike is seeking an experienced Manager, Third Party Risk Management (TPRM) to lead a high-performing team responsible for assessing and managing risks associated with our third-party vendor ecosystem. This role sits within the GRC organization and is critical to protecting CrowdStrike's customers, data, and operations through rigorous, scalable, and forward-thinking vendor risk practices.
Responsibilities
- Lead, mentor, and develop a team of 4 TPRM professionals, fostering a culture of accountability, continuous learning, and operational excellence
- Serve as an escalation point for complex vendor risk issues and assessments
- Oversee end-to-end third-party risk assessments including inherent risk tiering, due diligence, control evaluations, and residual risk determinations
- Manage the full vendor risk lifecycle including onboarding, periodic reassessment, and offboarding, ensuring consistent application of TPRM standards
- Partner with Procurement, Legal, IT, Security, and Business stakeholders to embed risk considerations into the vendor engagement process
- Evaluate vendor security posture, compliance certifications (SOC 2, ISO 27001, etc.), and contractual obligations
- Create and enhance a cybersecurity vendor risk management program, including the identification, evaluation, and mitigation of risks across the organization
- Conduct third party controls evaluations and audits
- Perform other duties within the scope of governance, risk and compliance
- Work across organizations to help align organizations with shared third party compliance goals and objectives
- Coordinate with IT and business units to implement effective cybersecurity measures and integrate security practices into business processes
- Collaborate with cross-functional teams, including procurement, legal, and IT, to ensure comprehensive vendor risk management
- Lead the implementation of process improvements and efficiencies identified through a recent kaizen event, driving measurable outcomes
- Create and expand automation capabilities within ServiceNow TPRM to reduce manual effort and increase assessment throughput
- Identify and implement AI-driven capabilities to enhance risk scoring, vendor monitoring, and workflow efficiency
- Define and track KPIs and metrics to demonstrate program maturity and effectiveness to senior leadership
- Develop and maintain TPRM policies, standards, and procedures in alignment with industry frameworks (NIST, ISO 27001, SOC 2, FAIR, etc.)
- Prepare and present risk reporting and program status updates to senior leadership and key stakeholders
- Support internal and external audit activities related to third-party risk
Requirements
- 10+ years of experience in Third Party Risk Management, GRC, information security risk, or related controls disciplines
- 3+ years of people management experience, with demonstrated ability to lead and develop teams
- Hands-on experience with ServiceNow Third Party Risk Management (TPRM) module
- Demonstrated experience driving process improvement, automation, or operational efficiency initiatives within a risk or compliance program
- Strong understanding of security and compliance frameworks including NIST CSF, ISO 27001, SOC 2, NIST 800-53, and/or SIG
- Experience with or strong interest in applying AI/ML tools to GRC or risk management workflows
- Excellent communication and stakeholder management skills — able to translate technical risk concepts for business audiences
- Ability to operate effectively in a fast-paced, high-growth environment
- Proven experience working across teams and global regions to achieve company objectives and review goals
- Ability to build rapport and maintain relationships across a multitude of functions within the company, with external vendors, and with governmental teams
- Program and project management experience in scoping, work break-down, critical path analysis, resourcing, managing time and cost estimates, project risks, and quality
- Ability to think strategically about risks and tie those risks to tactical organizational activities
Qualifications
- Expert-level understanding of current processes and proactively search for ways to improve CrowdStrike’s risk posture and GRC program in ways that support a fast-paced, secure, and empowered environment in the tech industry
- Strategic thinker with a deep understanding of cybersecurity principles, third party risk management, and the ability to communicate effectively across all levels of the organization
Skills
- Expertise in vendor risk assessment methodologies, control frameworks, and risk lifecycle management
- Strong understanding of security and compliance frameworks including NIST CSF, ISO 27001, SOC 2, NIST 800-53, and/or SIG
- Experience with or strong interest in applying AI/ML tools to GRC or risk management workflows
- Excellent communication and stakeholder management skills — able to translate technical risk concepts for business audiences
- Ability to operate effectively in a fast-paced, high-growth environment
- Proven experience working across teams and global regions to achieve company objectives and review goals
- Ability to build rapport and maintain relationships across a multitude of functions within the company, with external vendors, and with governmental teams
- Program and project management experience in scoping, work break-down, critical path analysis, resourcing, managing time and cost estimates, project risks, and quality
- Ability to think strategically about risks and tie those risks to tactical organizational activities
Bonus Points
- Experience with a cloud environment and the CrowdStrike products or services
- Practical experience in Software Development and Secure Coding best practices
- Practical experience in performing integration risk assessments and threat modeling third party software components
- Experience in working with leading GRC products
Benefits
The benefits of working at CrowdStrike include:
- Market leader in compensation and equity awards
- Comprehensive physical and mental wellness programs
- Competitive vacation and holidays for recharge
- Paid parental and adoption leaves
- Professional development opportunities for all employees regardless of level or role
- Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections
- Vibrant office culture with world-class amenities
- Great Place to Work Certified™ across the globe
CrowdStrike is committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program. CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race, color, creed, ethnicity, religion, sex (including pregnancy or pregnancy-related medical conditions), sexual orientation, gender identity, marital or family status, veteran status, age, national origin, ancestry, physical disability (including HIV and AIDS), mental disability, medical condition, genetic information, membership or activity in a local human rights commission, status with regard to public assistance, or any other characteristic protected by law. We base all employment decisions--including recruitment, selection, training, compensation, benefits, discipline, promotions, transfers, lay-offs, return from lay-off, terminations and social/recreational programs--on valid job requirements. If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation, please contact us at recruiting@crowdstrike.com for further assistance.
Find out more about your rights as an applicant. CrowdStrike participates in the E-Verify program. Notice of E-Verify Participation Right to Work