What are the responsibilities and job description for the Third-Party Risk Management Manager position at DoorDash USA?
About the Team
Come help us build the world's most trusted on-demand logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no-downtime, global infrastructure system that powers DoorDash’s multi-sided marketplace of consumers, merchants, and drivers.
About the Role
The Governance, Risk, and Compliance (GRC) team is looking for a Third-Party Risk Management (TPRM) Manager who will be responsible for leading a program to manage Third Party Supplier security risks. If you are comfortable with, and have experience in, managing a highly motivated team, working in a fast-paced environment, taking ownership of the Third Party Security Risk program, and making room at the table to improve our security posture, we want to talk to you!
You will report to the Sr. Manager - GRC in our Security organization.
You’re excited about this opportunity because you will…
- Manage the TPRM lifecycle, including risk assessments, due diligence questionnaires, new vendor onboarding, re-assessment, on-site audits, and contract reviews.
- Maintain TPRM tools, artifacts, and reporting capabilities to provide visibility into supplier risk exposure and ensure timely identification and mitigation of risks.
- Oversee the TPRM team, providing guidance and support to ensure vendor risk management.
- Be a key contact for internal stakeholders and external vendors regarding TPRM issues and inquiries.
- Partner with risk domain SMEs (e.g., sourcing team, CorpSec, IT) to develop and implement robust vendor risk management policy and procedures.
- Manage the team's OKRs to ensure the delivery of exceptional services and the team's engagement and development.
We’re excited about you because you have…
- Minimum of 6 years of experience with third-party risk management methodologies and managing a third-party risk management function
- Bachelor’s or Master’s degree in Information Security, Computer Science, Business Administration, or related field.
- Experience with information security, privacy, compliance frameworks, and risk management principles (e.g., NIST, ISO 27001, SOC 2).
- Experience with banking regulation (e.g., GLBA)
- Experience with third-party risk systems, including survey techniques and scoring systems
- Experience with how systems work, what security risks affect a variety of data, applications, and infrastructure, and how those risks translate to third parties
- Experience solving complex, systemic issues that require creative thinking and solutions
- Excellent verbal and written communication skills - you are able to translate business requirements into technical solutions and vice versa easily
- CISA, CISSP, or other industry certifications are a plus
We expect this position to be filled by 3/26/25
Notice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only
We use Covey as part of our hiring and/or promotional process for jobs in NYC, and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provide Covey with job requirements and candidate-submitted applications. We used Covey Scout for Inbound from August 21, 2023, through December 21, 2023, and resumed using Covey Scout for Inbound on June 29, 2024.
The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: Covey