ForgeApply · Job listing
Senior Analyst, Third-Party Risk Management (TPRM)
Doordashusa
Apply in about a minute — without sacrificing quality.
ForgeApply autofills this application and tailors your resume to this exact posting. You review everything before it's sent. Free trial, no card required.
About this role
About the Team
Come help us build the world's most trusted on-demand logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no-downtime, global infrastructure system that powers DoorDash’s multi-sided marketplace of consumers, merchants, and drivers.
About the Role
The Global Governance, Risk, and Compliance (GRC) team is looking for a technical, security-focused Third-Party Risk Management (TPRM) Sr. Analyst. If you are comfortable and have experience working in a fast-paced environment, taking ownership, and driving improvements in our security posture, we want to talk to you! You will report to the Manager, GRC within our Security organization.
You’re excited about this opportunity because you will…
• Drive the continuous maturation of our TPRM program , transforming it from a reactive, compliance-focused function into a proactive, strategic security partnership.
• Architect and govern the security strategy for our BPO and contingent worker ecosystem , from developing and operationalizing continuous security standards to implementing & monitoring robust technical controls and ensuring strict compliance through rigorous due diligence and regular audit cycles.
• Design and build process automations, optimizing and scaling the TPRM program to meet the business’s fast-moving priorities.
• Pioneer and lead the Supplier Security AI Governance framework , evaluating critical third-party AI risks to ensure the secure implementation of AI tools across the business.
• Establish and own core program governance and build a centralized reporting function , delivering actionable key metrics, risk dashboards, and progress updates to leadership for continuous visibility into third-party risk exposure.
• Partner cross-functionally with security engineering, procurement, business, privacy, and legal teams to provide security advisory and lead risk assessments.
• Lead the end-to-end issues and remediation tracking process , following up on all security findings and exceptions from assessments to ensure accountability and timely closure of remediation items.
• Execute the core TPRM lifecycle (perform risk assessments, due diligence questionnaires, new vendor onboarding, contract and data protection agreement reviews) and partner with internal SMEs (Sourcing, Enterprise Security, IT) to refine internal policies and frameworks for scale.
We’re excited about you because you have…
• 7+ years of progressive experience in security-focused TPRM methodologies, including owning or successfully leading a TPRM program for a fast-paced, high-growth company.
• Bachelor’s or Master’s degree in Information Security, Computer Science, Business Administration, or related field.
• Experience with program building, conducting security and/or assurance audits, controls, and risk assessments, and remediation management.
• Deep technical understanding and experience conducting comprehensive security risk and gap assessments of cloud, SaaS, including Artificial Intelligence (AI) solutions, and infrastructure vendors, and evaluating risks that impact data security and application resilience.
• Proficiency in the technical review of core security assurance documentation. This encompasses, but is not limited to, CAIQ, SIG, SOC 2 Type 2 reports, Penetration Test reports, and compliance attestations (e.g., ISO 27001, PCI-DSS, etc).
• Experience in the technical vetting of complex vendor solutions. This involves scrutiny of API integrations with critical internal systems ('crown-jewels'), security of cloud-native services (AWS/Azure/GCP), and assessing agentic/generative AI platforms for vulnerabilities, data leakage, and system resilience.
• Practical experience in assessing the unique risks associated with AI/ML models, including analysis of data provenance, identification of model poisoning risks, and ensuring the secure handling of proprietary data used for model training or fine-tuning.
• Experience with implementing major information security, privacy, and risk management frameworks (e.g. NIST, ISO, SOC 2).
• Experience managing security and compliance programs across broad GRC disciplines within a complex, global public company environment.
• Experience solving complex, systemic issues that require creative thinking and cross-functional collaboration.
• Experience managing vendor risk across the full relationship lifecycle, including periodic re-assessments, amendments, scope changes, and continuous monitoring.
• Excellent verbal and written communication skills with the ability to effectively translate technical risk findings into a clear business context for diverse audiences, including executive leadership.
• CISA, CISSP, CISM, or other industry certifications are a plus.
We expect this position to be filled by 9/13/26. Compensation
The successful candidate’s starting pay will fall within the pay range listed below and is determined based on job-related factors including, but not limited to, skills, experience, qualifications, work location, and market conditions. Base salary is localized according to an employee’s work location. Ranges are market-dependent and may be modified in the future.
In addition to base salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information.
DoorDash cares about you and your overall well-being. That’s why we offer a comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits match, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act). DoorDash also offers medical, dental, and vision benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others.
To learn more about our benefits, visit our caree
Salary insight
This posting doesn't disclose pay. Across 6,074 San Francisco jobs with disclosed salaries on ForgeApply, the median is $204k.
Based on live postings with disclosed pay on ForgeApply; refreshed daily. Not an estimate of this employer's offer.
Ready to apply to Doordashusa?
Apply in about a minuteSimilar jobs
- Senior Security Third Party Risk (TPRM) Analyst — Onetrust · Atlanta, Georgia
- Manager, Third Party Risk Management — Upstart · Remote
- Third Party Risk Specialist — Point72 · New York, NY
- Senior Risk Management and Internal Control Analyst — Shinvestmentsllc · San Antonio, TX
- Enterprise Risk Analyst — Trueanomalyinc · Denver, CO or Long Beach, CA or Washington, DC or SF Bay Area
- Technical Program Manager, Risk — Stripe · Remote
- Staff Risk Analyst — Earnin · Remote
- Sr Risk Analyst — Crunchyroll · Dallas, Texas, United States
More like this: More jobs at Doordashusa · Browse all jobs