Find a job 
Featured Companies 
Featured Universities 
For Companies At a Glance
- Tasks: Conduct vendor security reviews and manage Cloudflare’s Third Party Risk Program.
- Company: Join Cloudflare, a leader in building a better Internet with a vibrant culture.
- Benefits: Enjoy competitive pay, flexible work options, and opportunities for personal growth.
- Why this job: Make a real impact on Internet security while working with innovative technologies.
- Qualifications: 5-8 years in Security GRC with strong analytical and interpersonal skills.
- Other info: Dynamic team environment with exciting projects and global collaboration.
The predicted salary is between 36000 - 60000 £ per year.
About Us
At Cloudflare, we are on a mission to help build a better Internet. Today the company runs one of the world’s largest networks that powers millions of websites and other Internet properties for customers ranging from individual bloggers to SMBs to Fortune 500 companies. Cloudflare protects and accelerates any Internet application online without adding hardware, installing software, or changing a line of code. Internet properties powered by Cloudflare all have web traffic routed through its intelligent global network, which gets smarter with every request. As a result, they see significant improvement in performance and a decrease in spam and other attacks.
The Team
We are looking to hire an experienced Security Third Party Risk Management Specialist on our Governance, Risk, and Compliance team. This role will be responsible for completing vendor security reviews, maintaining our vendor master list, and maintaining Cloudflare’s Third Party Risk Program. This is an opportunity to join a rapidly scaling and world class security organization within a billion dollar business.
What You’ll Do
- Execute vendor security reviews by collecting and analyzing vendor security control documentation and audit reports.
- Identify third‑party security risks, documenting findings, and recommending risk treatment options.
- Determine security contract requirements & communicate these to the Contracts & Legal teams.
- Maintain Cloudflare’s Vendor Master, including our list of Critical vendors.
- Support Cloudflare’s customer‑facing and incident response teams by ensuring our vendors are not affected by recent zero‑day vulnerabilities or security incidents.
- Support Cloudflare’s security certification audits by providing evidence of vendor security reviews.
- Partner with stakeholders across Cloudflare’s Procurement, IT, Contracts, Legal, and Privacy teams to ensure vendor due diligence is completed efficiently.
- Lead projects to improve the Vendor Security Review process, workflow, and tooling.
Examples Of Desirable Skills, Knowledge And Experience
- Experience typically gained in 5‑8 years working in Security GRC.
- Experience reviewing vendor security documentation including ISO 27001, SOC 2, PCI DSS, and other audit reports.
- Experience identifying security controls gaps, determining risk ratings, and recommending mitigating controls.
- Familiarity with security contract requirements.
- Strong organizational, analytical, and interpersonal skills.
- Self‑starter with the ability to work independently with a sense of curiosity.
What Makes Cloudflare Special?
We’re not just a highly ambitious, large‑scale technology company. We’re a highly ambitious, large‑scale technology company with a soul. Fundamental to our mission to help build a better Internet is protecting the free and open Internet.
Application Requirements
This position may require access to information protected under U.S. export control laws, including the U.S. Export Administration Regulations. Please note that any offer of employment may be conditioned on your authorization to receive software or technology controlled under these U.S. export laws without sponsorship for an export license.
Equal Opportunity Employer
Cloudflare is proud to be an equal opportunity employer. We are committed to providing equal employment opportunity for all people and place great value in both diversity and inclusiveness. All qualified applicants will be considered for employment without regard to their, or any other person's, perceived or actual race, color, religion, sex, gender, gender identity, gender expression, sexual orientation, national origin, ancestry, citizenship, age, physical or mental disability, medical condition, family care status, or any other basis protected by law.
Security Third Party Risk Management Specialist III employer: CloudFlare
Contact Detail:
CloudFlare Recruiting Team
StudySmarter Expert Advice 🤫
We think this is how you could land Security Third Party Risk Management Specialist III
✨Tip Number 1
Network like a pro! Get out there and connect with folks in the industry. Attend events, join online forums, or even hit up LinkedIn. The more people you know, the better your chances of landing that dream job.
✨Tip Number 2
Prepare for interviews by researching Cloudflare and its mission. Understand their values and how they align with your own. This will help you stand out and show that you're genuinely interested in being part of their team.
✨Tip Number 3
Practice makes perfect! Do mock interviews with friends or use online resources to get comfortable with common questions. The more you practice, the more confident you'll feel when it’s time to shine.
✨Tip Number 4
Don’t forget to follow up after your interview! A quick thank-you email can go a long way in showing your appreciation and keeping you top of mind. Plus, it’s a great chance to reiterate your enthusiasm for the role.
We think you need these skills to ace Security Third Party Risk Management Specialist III
Some tips for your application 🫡
Tailor Your Application: Make sure to customise your CV and cover letter for the Security Third Party Risk Management Specialist role. Highlight your relevant experience in vendor security reviews and risk management, as this will show us you understand what we're looking for.
Showcase Your Skills: Don’t just list your skills—demonstrate them! Use specific examples from your past work that relate to the job description, especially around identifying security risks and working with compliance frameworks like ISO 27001 or SOC 2.
Be Authentic: We love seeing the real you! Share your passion for security and how it aligns with our mission to build a better Internet. A bit of personality can go a long way in making your application stand out.
Apply Through Our Website: We encourage you to apply directly through our website. It’s the best way to ensure your application gets into the right hands and shows us you're serious about joining our team!
How to prepare for a job interview at CloudFlare
✨Know Your Stuff
Make sure you’re well-versed in vendor security documentation like ISO 27001 and SOC 2. Brush up on your knowledge of third-party risk management and be ready to discuss how you've identified security control gaps in the past.
✨Show Your Curiosity
Cloudflare values curious individuals, so don’t hesitate to ask insightful questions during the interview. This shows that you’re genuinely interested in the role and the company’s mission to build a better Internet.
✨Be Organised
Prepare a structured approach to discussing your previous experiences. Use the STAR method (Situation, Task, Action, Result) to clearly articulate how you’ve handled vendor security reviews and risk assessments.
✨Connect with the Team
Since this role involves collaboration with various teams, highlight your interpersonal skills. Share examples of how you’ve successfully partnered with stakeholders in the past to improve processes or resolve issues.
