Senior Analyst, Third-Party Risk Management (TPRM) jobs in United States

DoorDash · 21 hours ago

Senior Analyst, Third-Party Risk Management (TPRM)

DoorDash is a technology and logistics company focused on empowering local economies through on-demand delivery services. They are seeking a Senior Analyst for their Third-Party Risk Management team to drive the maturation of their TPRM program, ensuring security compliance and managing third-party risks effectively.

Apps, Delivery, E-Commerce Platforms, Food Delivery, Online Portals
H1B Sponsor Likely

Responsibilities

Drive the continuous maturation of our TPRM program, transforming it from a reactive, compliance-focused function into a proactive, strategic security partnership
Architect and govern the security strategy for our BPO and contingent worker ecosystem, from developing and operationalizing continuous security standards to implementing and monitoring robust technical controls and ensuring strict compliance through rigorous due diligence and regular audit cycles
Pioneer and lead the Supplier Security AI Governance framework, evaluating critical third-party AI risks to ensure the secure implementation of AI tools across the business
Establish and own core program governance and build a centralized reporting function, delivering actionable key metrics, risk dashboards, and progress updates to leadership for continuous visibility into third-party risk exposure
Lead the end-to-end issues and remediation tracking process, following up on all security findings and exceptions from assessments to ensure accountability and timely remediation closure
Execute the core TPRM lifecycle (perform risk assessments, due diligence questionnaires, new vendor onboarding, contract reviews) and partner with internal SMEs (Sourcing, CorpSec, IT) to refine internal policies and frameworks for scale
Maintain TPRM tools, artifacts, and reporting capabilities to provide visibility into supplier risk exposure and ensure timely identification and mitigation of risks
Partner with risk domain SMEs (e.g., the sourcing team, CorpSec, IT) to enhance and implement vendor risk management policy and procedures, leveraging TPRM tools and automation to provide enhanced visibility into supplier risk exposure

Qualification

Third-Party Risk Management, Security Risk Assessments, AI Risk Evaluation, Information Security Frameworks, Cloud Security Assessment, Vendor Management, Technical Documentation Review, CISA Certification, CISSP Certification, CISM Certification, Communication Skills, Creative Problem Solving, Collaboration Skills, Project Management

Required

7+ years of progressive experience in security-focused TPRM methodologies, including owning or successfully leading a TPRM program for a fast-paced, high-growth company
Bachelor's or Master's degree in Information Security, Computer Science, Business Administration, or related field
Experience with program building, conducting security and/or assurance audits, controls, and risk assessments, and remediation management
Deep technical understanding and experience conducting comprehensive security risk and gap assessments of cloud, SaaS (including Artificial Intelligence (AI) solutions), and infrastructure vendors, and evaluating risks that impact data security and application resilience
Proficiency in the technical review of core security assurance documentation. This encompasses, but is not limited to, CAIQ, SIG, SOC 2 Type 2 reports, penetration test reports, and compliance attestations (e.g., ISO 27001, PCI DSS, etc.)
Experience in the technical vetting of complex vendor solutions. This involves scrutiny of API integrations with critical internal systems ('crown-jewels'), security of cloud-native services (AWS/Azure/GCP), and assessing agentic/generative AI platforms for vulnerabilities, data leakage, and system resilience
Practical experience in assessing the unique risks associated with AI/ML models, including analysis of data provenance, identification of model poisoning risks, and ensuring the secure handling of proprietary data used for model training or fine-tuning
Experience with implementing major information security, privacy, and risk management frameworks (e.g., NIST, ISO, SOC 2)
Experience managing security and compliance programs across broad GRC disciplines within a complex, global public company environment
Experience solving complex, systemic issues that require creative thinking and cross-functional collaboration
Excellent verbal and written communication skills with the ability to effectively translate technical risk findings into a clear business context for diverse audiences, including executive leadership

Preferred

CISA, CISSP, CISM or other industry certifications are a plus

Benefits

401(k) plan with employer matching
16 weeks of paid parental leave
Wellness benefits
Commuter benefits match
Paid time off
Paid sick leave in compliance with applicable laws
Medical, dental, and vision benefits
11 paid holidays
Disability and basic life insurance
Family-forming assistance
Mental health program

Company

DoorDash

DoorDash is a food delivery platform that connects customers with local and national businesses. It is a sub-organization of DoorDash.

H1B Sponsorship

DoorDash has a track record of offering H1B sponsorships. Please note that this does not guarantee sponsorship for this specific role. Additional information is presented below for your reference. (Data powered by the US Department of Labor)
[Chart: Distribution of Different Job Fields Receiving Sponsorship; the highlighted field represents job fields similar to this job]
Trends of Total Sponsorships
2025 (530)
2024 (510)
2023 (413)
2022 (612)
2021 (439)
2020 (126)

Funding

Current Stage
Public Company
Total Funding
$5.22B
Key Investors
Durable Capital Partners, T. Rowe Price, Darsana Capital Partners
2025-05-27 Post-IPO Debt · $2.75B
2020-12-09 IPO
2020-06-11 Series H · $400M

Leadership Team

Tony Xu, CEO and Co-founder
Stanley Tang, Co-Founder / Chief Product Officer
Company data provided by crunchbase