[Hiring] Third Party Risk Management Analyst @CrowdStrike

Role Description

CrowdStrike is seeking a Third Party Risk Management (TPRM) Analyst to join our Policy, Risk Management, and Controls team (PCRM). This role will be essential in identifying, assessing, and managing the security risks introduced through third-party relationships.

• Develop, implement, and maintain CrowdStrike's TPRM policies, standards, and procedures.
• Lead security risk assessments of third-party vendors and partners.
• Generate detailed reports and dashboards to track vendor risk posture.
• Partner with Procurement, Legal, Privacy, IT, and business teams to address third-party risks.
• Continuously identify opportunities to streamline and automate TPRM workflows.

What You'll Do

• Manage and mature CrowdStrike's Third Party Risk Management program.
• Conduct security risk assessments of third-party vendors.
• Tier and prioritize vendors based on risk factors.
• Manage vendor risk findings, remediation plans, and exceptions.
• Monitor the third-party risk landscape and communicate updates.
• Develop and maintain TPRM dashboards and reporting.
• Develop and deliver training and communications on TPRM processes.
• Identify opportunities to automate and optimize TPRM workflows.
• Proactively identify gaps in the TPRM program.
• Perform other duties within the scope of Third Party Risk Management.

Qualifications

• Bachelor's degree in Computer Science, Information Security, Business, or a related field; or up to 5 years of experience.
• Technical focus on third party risk management, vendor risk, supply chain security, or related disciplines.
• Experience with GRC or TPRM platforms such as ServiceNow, OneTrust, ProcessUnity, or similar tools.
• Strong understanding of security risk assessment methodologies and control frameworks.
• Familiarity with regulatory requirements and frameworks such as SOC 1/SOC 2, ISO 27001/27002, NIST 800-53, CSA-CCM, GDPR, and PCI-DSS.
• Experience with reviewing vendor security documentation.

Certifications (Preferred)

• CISSP, CISM, CRISC, or equivalent security certifications.
• Certifications specific to third party risk such as CTPRP are a plus.

Soft Skills

• Ability to think strategically about supply chain and vendor risks.
• Strong analytical and problem-solving skills.
• Excellent communication skills with the ability to convey technical risk findings.
• Proven ability to build and maintain relationships with external vendors and internal partners.
• Leadership skills to drive vendor risk assessments and manage remediation efforts.

Program and Project Management

• Experience managing risk programs or projects.

Bonus Points

• Experience with continuous monitoring solutions for third-party risk.
• Familiarity with CrowdStrike products, services, or the broader cybersecurity industry.
• Practical experience in software development or secure coding practices.

Benefits

• Market leader in compensation and equity awards.
• Comprehensive physical and mental wellness programs.
• Competitive vacation and holidays for recharge.
• Paid parental and adoption leaves.
• Professional development opportunities for all employees.
• Employee Networks, geographic neighborhood groups, and volunteer opportunities.
• Vibrant office culture with world class amenities.
• Great Place to Work Certified™ across the globe.