DoorDash USA

GRC Third-Party Risk Analyst

DoorDash USA, San Francisco, California, United States, 94199


Come help us build the world's most trusted on-demand logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no downtime, global infrastructure system that powers DoorDash's multi-sided marketplace of consumers, merchants, and drivers.

About the Role

The Governance, Risk, and Compliance (GRC) team is looking for a Third-Party Risk (TPR) Analyst who is smart, fast and a hard worker to help us ensure our employee and customer data is secure, wherever it lives. If you are comfortable taking ownership of assessment results and making room at the table to improve our security posture, we want to talk to you!

You're excited about this opportunity because you will

- Engage and manage our BPO program from a security and compliance perspective
- Conduct in-person annual audits and assessments of our BPO partners to assure compliance with our security program
- Engage with vendors and partners in potential security incidents and act as the primary point of contact for incident investigations involving vendors
- Perform intake and periodic security risk and business impact assessments of incidents caused by vendors and third-party partners, including creating a post-mortem with gaps, process and remediation
- Work with strategic sourcing and legal to review contracts and provide recommendations regarding security riders
- Follow up with vendors and partners post incidents to drive remediation
- Maintain the inventory of information assets and third parties
- Create process documentation, including workflows, process maps, & controls
- Provide periodic reporting, including key performance indicators (KPIs), to ensure process health and continued ability to meet business needs

We're excited about you because

- 5+ years of experience with third party risk management methodologies, including performing security risk assessments
- Fluent in process improvement methodologies
- Ability to travel a couple of times a year to support on-site audits
- Experience with regulatory compliance frameworks (e.g. PCI-DSS, SOX, SOC 2, ISO, NIST)
- Experience with third party risk systems, including survey techniques and scoring systems
- Solid understanding of how systems work, what security risks affect a variety of data, applications, and infrastructure, and how those risks translate to third parties
- Experience solving complex, systemic issues that require creative thinking and solutions
- Excellent verbal and written communication skills: you are able to easily translate business requirements into technical solutions and vice versa
- CISA, CISSP, or other industry certifications are a plus
