Senior Analyst, Third-Party Risk Management (TPRM)

DoorDash

$132K — $195K *
Business Services
5 - 7 years of experience
Job Overview by Ladders

Qualifications

  • 7+ years of experience in Third-Party Risk Management (TPRM) with a focus on security methodologies.
  • Bachelor's or Master's degree in Information Security, Computer Science, Business Administration, or a related field.
  • Proficiency in conducting security audits, controls, risk assessments, and remediation management.
  • Deep technical knowledge in assessing security risks for cloud/SaaS and AI vendors.
  • Practical experience evaluating risks associated with AI/ML models and ensuring data security.

Responsibilities

  • Drive maturation of the TPRM program towards a proactive security function.
  • Architect and govern security strategy for BPO and contingent workers.
  • Design and build process automations to optimize the TPRM program.
  • Lead the Supplier Security AI Governance framework to manage AI risks.
  • Establish core program governance and centralized reporting functions for risk visibility.
  • Collaborate cross-functionally to provide security advisory and lead assessments.
  • Manage issues and remediation tracking to ensure timely closure of security findings.

Benefits

  • 401(k) plan with employer matching.
  • 16 weeks of paid parental leave.
  • Medical, dental, and vision benefits.
  • Paid time off and sick leave compliant with laws.
  • Wellness, commuter benefits, and mental health program.
Full Job Description
About the Role

The Global Governance, Risk, and Compliance (GRC) team is looking for a technical, security-focused Third-Party Risk Management (TPRM) Sr. Analyst. If you are comfortable and have experience working in a fast-paced environment, taking ownership, and driving improvements in our security posture, we want to talk to you! You will report to the Manager, GRC within our Security organization.
You're excited about this opportunity because you will...
  • Drive the continuous maturation of our TPRM program, transforming it from a reactive, compliance-focused function into a proactive, strategic security partnership.
  • Architect and govern the security strategy for our BPO and contingent worker ecosystem, from developing and operationalizing continuous security standards to implementing & monitoring robust technical controls and ensuring strict compliance through rigorous due diligence and regular audit cycles.
  • Design and build process automations, optimizing and scaling the TPRM program to meet the business's fast-moving priorities.
  • Pioneer and lead the Supplier Security AI Governance framework, evaluating critical third-party AI risks to ensure the secure implementation of AI tools across the business.
  • Establish and own core program governance and build a centralized reporting function, delivering actionable key metrics, risk dashboards, and progress updates to leadership for continuous visibility into third-party risk exposure.
  • Partner cross-functionally with security engineering, procurement, business, privacy, and legal teams to provide security advisory and lead risk assessments.
  • Lead the end-to-end issues and remediation tracking process, following up on all security findings and exceptions from assessments to ensure accountability and timely closure of remediation items.
  • Execute the core TPRM lifecycle (perform risk assessments, due diligence questionnaires, new vendor onboarding, contract and data protection agreement reviews) and partner with internal SMEs (Sourcing, Enterprise Security, IT) to refine internal policies and frameworks for scale.
We're excited about you because you have...
  • 7+ years of progressive experience in security-focused TPRM methodologies, including owning or successfully leading a TPRM program for a fast-paced, high-growth company.
  • Bachelor's or Master's degree in Information Security, Computer Science, Business Administration, or related field.
  • Experience with program building, conducting security and/or assurance audits, controls, and risk assessments, and remediation management.
  • Deep technical understanding and experience conducting comprehensive security risk and gap assessments of cloud, SaaS, including Artificial Intelligence (AI) solutions, and infrastructure vendors, and evaluating risks that impact data security and application resilience.
  • Proficiency in the technical review of core security assurance documentation. This encompasses, but is not limited to, CAIQ, SIG, SOC 2 Type 2 reports, Penetration Test reports, and compliance attestations (e.g., ISO 27001, PCI-DSS, etc).
  • Experience in the technical vetting of complex vendor solutions. This involves scrutiny of API integrations with critical internal systems ('crown-jewels'), security of cloud-native services (AWS/Azure/GCP), and assessing agentic/generative AI platforms for vulnerabilities, data leakage, and system resilience.
  • Practical experience in assessing the unique risks associated with AI/ML models, including analysis of data provenance, identification of model poisoning risks, and ensuring the secure handling of proprietary data used for model training or fine-tuning.
  • Experience with implementing major information security, privacy, and risk management frameworks (e.g. NIST, ISO, SOC 2).
  • Experience managing security and compliance programs across broad GRC disciplines within a complex, global public company environment.
  • Experience solving complex, systemic issues that require creative thinking and cross-functional collaboration.
  • Experience managing vendor risk across the full relationship lifecycle, including periodic re-assessments, amendments, scope changes, and continuous monitoring.
  • Excellent verbal and written communication skills with the ability to effectively translate technical risk findings into a clear business context for diverse audiences, including executive leadership.
  • CISA, CISSP, CISM, or other industry certifications are a plus.


We expect this position to be filled by 9/13/26.

Compensation

The successful candidate's starting pay will fall within the pay range listed below and is determined based on job-related factors including, but not limited to, skills, experience, qualifications, work location, and market conditions. Base salary is localized according to an employee's work location. Ranges are market-dependent and may be modified in the future.

In addition to base salary, the compensation for this role includes opportunities for equity grants. Talk to your recruiter for more information.

DoorDash cares about you and your overall well-being. That's why we offer a comprehensive benefits package to all regular employees, which includes a 401(k) plan with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits match, paid time off and paid sick leave in compliance with applicable laws (e.g. Colorado Healthy Families and Workplaces Act). DoorDash also offers medical, dental, and vision benefits, 11 paid holidays, disability and basic life insurance, family-forming assistance, and a mental health program, among others.

To learn more about our benefits, visit our careers page here.

See below for paid time off details:
  • For salaried roles: flexible paid time off/vacation, plus 80 hours of paid sick time per year.
  • For hourly roles: vacation accrued at about 1 hour for every 25.97 hours worked (e.g. about 6.7 hours/month if working 40 hours/week; about 3.4 hours/month if working 20 hours/week), and paid sick time accrued at 1 hour for every 30 hours worked (e.g. about 5.8 hours/month if working 40 hours/week; about 2.9 hours/month if working 20 hours/week).


The national base pay range for this position within the United States, including Illinois and Colorado.

$132,600-$195,000 USD

Similar Jobs

More Jobs at DoorDash

More Business Services Jobs

Find similar Senior Analyst, Third-Party Risk Management (TPRM) jobs: