Senior Analyst, Third-Party Risk Management (TPRM)
Quick Summary
About the Team Come help us build the world's most trusted on-demand logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no-downtime,
Come help us build the world's most trusted on-demand logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no-downtime, global infrastructure system that powers DoorDash’s multi-sided marketplace of consumers, merchants, and drivers.
About the Role
~2 min readThe Global Governance, Risk, and Compliance (GRC) team is looking for a technical, security-focused Third-Party Risk Management (TPRM) Sr. Analyst. If you are comfortable and have experience working in a fast-paced environment, taking ownership, and driving improvements in our security posture, we want to talk to you! You will report to the Manager, GRC within our Security organization.
- Drive the continuous maturation of our TPRM program, transforming it from a reactive, compliance-focused function into a proactive, strategic security partnership.
- Architect and govern the security strategy for our BPO and contingent worker ecosystem, from developing and operationalizing continuous security standards to implementing & monitoring robust technical controls and ensuring strict compliance through rigorous due diligence and regular audit cycles.
- Design and build process automations, optimizing and scaling the TPRM program to meet the business’s fast-moving priorities.
- Pioneer and lead the Supplier Security AI Governance framework, evaluating critical third-party AI risks to ensure the secure implementation of AI tools across the business.
- Establish and own core program governance and build a centralized reporting function, delivering actionable key metrics, risk dashboards, and progress updates to leadership for continuous visibility into third-party risk exposure.
- Partner cross-functionally with security engineering, procurement, business, privacy, and legal teams to provide security advisory and lead risk assessments.
- Lead the end-to-end issues and remediation tracking process, following up on all security findings and exceptions from assessments to ensure accountability and timely closure of remediation items.
- Execute the core TPRM lifecycle (perform risk assessments, due diligence questionnaires, new vendor onboarding, contract and data protection agreement reviews) and partner with internal SMEs (Sourcing, Enterprise Security, IT) to refine internal policies and frameworks for scale.
- 7+ years of progressive experience in security-focused TPRM methodologies, including owning or successfully leading a TPRM program for a fast-paced, high-growth company.
- Bachelor’s or Master’s degree in Information Security, Computer Science, Business Administration, or related field.
- Experience with program building, conducting security and/or assurance audits, controls, and risk assessments, and remediation management.
- Deep technical understanding and experience conducting comprehensive security risk and gap assessments of cloud, SaaS, including Artificial Intelligence (AI) solutions, and infrastructure vendors, and evaluating risks that impact data security and application resilience.
- Proficiency in the technical review of core security assurance documentation. This encompasses, but is not limited to, CAIQ, SIG, SOC 2 Type 2 reports, Penetration Test reports, and compliance attestations (e.g., ISO 27001, PCI-DSS, etc).
- Experience in the technical vetting of complex vendor solutions. This involves scrutiny of API integrations with critical internal systems ('crown-jewels'), security of cloud-native services (AWS/Azure/GCP), and assessing agentic/generative AI platforms for vulnerabilities, data leakage, and system resilience.
- Practical experience in assessing the unique risks associated with AI/ML models, including analysis of data provenance, identification of model poisoning risks, and ensuring the secure handling of proprietary data used for model training or fine-tuning.
- Experience with implementing major information security, privacy, and risk management frameworks (e.g. NIST, ISO, SOC 2).
- Experience managing security and compliance programs across broad GRC disciplines within a complex, global public company environment.
- Experience solving complex, systemic issues that require creative thinking and cross-functional collaboration.
- Experience managing vendor risk across the full relationship lifecycle, including periodic re-assessments, amendments, scope changes, and continuous monitoring.
- Excellent verbal and written communication skills with the ability to effectively translate technical risk findings into a clear business context for diverse audiences, including executive leadership.
- CISA, CISSP, CISM, or other industry certifications are a plus.
Requirements
~1 min readNotice to Applicants for Jobs Located in NYC or Remote Jobs Associated With Office in NYC Only
We used Covey as part of our hiring and/or promotional process for jobs in NYC and certain features may qualify it as an AEDT in NYC. As part of the hiring and/or promotion process, we provided Covey with job requirements and candidate submitted applications. We began using Covey Scout for Inbound from August 21, 2023, through December 21, 2023. We resumed using Covey Scout for Inbound again on June 29, 2024, and ceased using Covey Scout for Inbound on April 30, 2026.
The Covey tool has been reviewed by an independent auditor. Results of the audit may be viewed here: https://getcovey.com/nyc-local-law-144.
Location & Eligibility
Listing Details
- Posted
- July 13, 2026
- First seen
- July 13, 2026
- Last seen
- July 14, 2026
Posting Health
- Days active
- 0
- Repost count
- 0
- Trust Level
- 87%
- Scored at
- July 13, 2026
Signal breakdown

Leading US food and goods on-demand delivery platform with 60%+ market share
View company profilePlease let Doordashusa know you found this job on Jobera.
4 other jobs at Doordashusa
View all →Explore open roles at Doordashusa.
Similar Risk Management jobs
View all →Browse Similar Jobs
Stay ahead of the market
Get the latest job openings, salary trends, and hiring insights delivered to your inbox every week.
No spam. Unsubscribe at any time.