Jobs · Finance

Third Party Risk Management (TPRM) Analyst (Remote)

CrowdStrike · United States · 1 wk ago
RemoteRemoteFinance$85k–$120k/yrFull-time

About the role

CrowdStrike is seeking a Third Party Risk Management (TPRM) Analyst to join our Policy, Risk Management, and Controls team (PCRM). This role is essential in identifying, assessing, and managing the security risks introduced through third-party relationships as CrowdStrike's ecosystem of vendors, partners, and suppliers continues to grow.

Responsibilities

  • Manage and mature CrowdStrike's Third Party Risk Management program, including policies, standards, procedures, and assessment methodologies.

  • Conduct security risk assessments of third-party vendors, evaluating controls across domains such as data security, access management, incident response, business continuity, and compliance.

  • Tier and prioritize vendors based on risk factors including data sensitivity, operational dependency, and regulatory scope.

  • Manage vendor risk findings, remediation plans, and exceptions, working with vendors and internal stakeholders to resolve issues in a timely manner.

  • Monitor the third-party risk landscape, including emerging threats, regulatory changes, and vendor security incidents, and communicate relevant updates to stakeholders.

  • Develop and maintain TPRM dashboards and reporting to provide visibility into vendor risk posture and program health.

  • Develop and deliver training and communications to internal stakeholders on TPRM processes, requirements, and responsibilities.

  • Identify opportunities to automate and optimize TPRM workflows, leveraging GRC tooling and integrations to improve efficiency and scalability.

  • Proactively identify gaps in the TPRM program and lead efforts to address and remediate them.

  • Perform other duties within the scope of Third Party Risk Management and broader Cyber GRC.

Requirements

  • Bachelor's degree in Computer Science, Information Security, Business, or a related field; or up to 5 years of experience.

  • Technical focus on third party risk management, vendor risk, supply chain security, or related disciplines.

  • Experience with GRC or TPRM platforms such as ServiceNow, OneTrust, ProcessUnity, or similar tools.

  • Strong understanding of security risk assessment methodologies and control frameworks applicable to third-party environments.

  • Familiarity with regulatory requirements and frameworks such as SOC 1/SOC 2, ISO 27001/27002, NIST 800-53, CSA-CCM, GDPR, and PCI-DSS as they apply to vendor relationships.

  • Experience with reviewing vendor security documentation, including SOC reports, penetration test results, and questionnaire responses.

  • Proven experience utilizing AI technologies to enhance decision-making, streamline workflows and processes, improve efficiency and drive business outcomes.

Skills

  • CISSP, CISM, CRISC, or equivalent security certifications.

  • Certifications specific to third party risk such as CTPRP (Certified Third Party Risk Professional) are a plus.

  • Ability to think strategically about supply chain and vendor risks and connect them to CrowdStrike's broader risk posture.

  • Strong analytical and problem-solving skills to evaluate vendor controls, identify gaps, and prioritize remediation.

  • Excellent communication skills with the ability to convey technical risk findings to non-technical stakeholders, including executives and procurement teams.

  • Proven ability to build and maintain relationships with external vendors and internal cross-functional partners.

  • Leadership skills to drive vendor risk assessments, manage remediation efforts, and influence stakeholders without direct authority.

  • Experience managing risk programs or projects, including scoping, stakeholder coordination, and tracking deliverables against timelines.

Benefits

  • Market leader in compensation and equity awards

  • Comprehensive physical and mental wellness programs

  • Competitive vacation and holidays for recharge

  • Paid parental and adoption leaves

  • Professional development opportunities for all employees regardless of level or role

  • Employee Networks, geographic neighborhood groups, and volunteer opportunities to build connections

  • Vibrant office culture with world class amenities

  • Great Place to Work Certified™ across the globe

Similar jobs