Third Party Risk Management (TPRM) Analyst (Remote)

As a global leader in cybersecurity CrowdStrike protects the people processes and technologies that drive modern organizations. Since 2011 our mission hasn’t changed — we’re here to stop breaches and we’ve redefined modern security with the world’s most advanced AI-native platform. Our customers span all industries and they count on CrowdStrike to keep their businesses running their communities safe and their lives moving forward. We’re also a mission-driven company. We cultivate a culture that gives every CrowdStriker both the flexibility and autonomy to own their careers. We’re always looking to add talented CrowdStrikers to the team who have limitless passion a relentless focus on innovation and a fanatical commitment to our customers our community and each other. Ready to join a mission that matters? The future of cybersecurity starts with you.

About the Role:

CrowdStrike is seeking a Third Party Risk Management (TPRM) Analyst to join our Policy Risk Management and Controls team (PCRM). As CrowdStrike's ecosystem of vendors partners and suppliers continues to grow this role will be essential in identifying assessing and managing the security risks introduced through third-party relationships. This role offers candidates an opportunity to work in a fast-paced collaborative environment alongside experienced security professionals with direct impact on protecting CrowdStrike and its customers from supply chain and vendor-related threats.

Third Party Risk Program Management:  Develop implement and maintain CrowdStrike's TPRM policies standards and procedures ensuring alignment with internal security requirements and external regulatory obligations.

Risk Assessment & Due Diligence: Lead security risk assessments of third-party vendors and partners across the full vendor lifecycle from onboarding through offboarding  identifying and prioritizing risks based on criticality and data access.

Reporting and Analysis: Generate detailed reports and dashboards to track vendor risk posture assessment status remediation progress and program KPIs for leadership and key stakeholders.

Collaboration and Resolution: Partner with Procurement Legal Privacy IT and business teams to ensure third-party risks are understood communicated and appropriately addressed. Serve as a subject matter expert on vendor security requirements.

Process Optimization: Continuously identify opportunities to streamline and automate TPRM workflows reduce manual effort and scale the program to meet CrowdStrike's growth.

• Manage and mature CrowdStrike's Third Party Risk Management program including policies standards procedures and assessment methodologies.

• Conduct security risk assessments of third-party vendors evaluating controls across domains such as data security access management incident response business continuity and compliance.

• Tier and prioritize vendors based on risk factors including data sensitivity operational dependency and regulatory scope.

• Manage vendor risk findings remediation plans and exceptions working with vendors and internal stakeholders to resolve issues in a timely manner.

• Monitor the third-party risk landscape including emerging threats regulatory changes and vendor security incidents and communicate relevant updates to stakeholders.

• Develop and maintain TPRM dashboards and reporting to provide visibility into vendor risk posture and program health.

• Develop and deliver training and communications to internal stakeholders on TPRM processes requirements and responsibilities.

• Identify opportunities to automate and optimize TPRM workflows leveraging GRC tooling and integrations to improve efficiency and scalability.

• Proactively identify gaps in the TPRM program and lead efforts to address and remediate them.

• Perform other duties within the scope of Third Party Risk Management and broader Cyber GRC.

• Bachelor's degree in Computer Science Information Security Business or a related field; or a up to 5 years of experience.

• Technical focus on third party risk management vendor risk supply chain security or related disciplines.

• Experience with GRC or TPRM platforms such as ServiceNow OneTrust ProcessUnity or similar tools.

• Strong understanding of security risk assessment methodologies and control frameworks applicable to third-party environments.

• Familiarity with regulatory requirements and frameworks such as SOC 1/SOC 2 ISO 27001/27002 NIST 800-53 CSA-CCM GDPR and PCI-DSS as they apply to vendor relationships.

• Experience with reviewing vendor security documentation including SOC reports penetration test results and questionnaire responses.

Certifications (Preferred): 

• CISSP CISM CRISC or equivalent security certifications.

• Certifications specific to third party risk such as CTPRP (Certified Third Party Risk Professional) are a plus.

Soft Skills:

• Ability to think strategically about supply chain and vendor risks and connect them to CrowdStrike's broader risk posture.

• Strong analytical and problem-solving skills to evaluate vendor controls identify gaps and prioritize remediation.

• Excellent communication skills with the ability to convey technical risk findings to non-technical stakeholders including executives and procurement teams.

• Proven ability to build and maintain relationships with external vendors and internal cross-functional partners.

• Leadership skills to drive vendor risk assessments manage remediation efforts and influence stakeholders without direct authority.

Program and Project Management:

• Experience managing risk programs or projects including scoping stakeholder coordination and tracking deliverables against timelines.

Bonus Points:

• Experience with continuous monitoring solutions for third-party risk (e.g. BitSight SecurityScorecard).

• Familiarity with CrowdStrike products services or the broader cybersecurity industry.

• Practical experience in software development or secure coding practices particularly as they relate to supply chain security (e.g. SBOM open source risk).

#LI-CS1

#LI-Remote

Benefits of Working at CrowdStrike:

• Market leader in compensation and equity awards

• Comprehensive physical and mental wellness programs 

• Competitive vacation and holidays for recharge  

• Paid parental and adoption leaves

• Professional development opportunities for all employees regardless of level or role

• Employee Networks geographic neighborhood groups and volunteer opportunities to build connections

• Vibrant office culture with world class amenities

• Great Place to Work Certified™ across the globe

CrowdStrike is proud to be an equal opportunity employer. We are committed to fostering a culture of belonging where everyone is valued for who they are and empowered to succeed. We support veterans and individuals with disabilities through our affirmative action program.

CrowdStrike is committed to providing equal employment opportunity for all employees and applicants for employment. The Company does not discriminate in employment opportunities or practices on the basis of race color creed ethnicity religion sex (including pregnancy or pregnancy-related medical conditions) sexual orientation gender identity marital or family status veteran status age national origin ancestry physical disability (including HIV and AIDS) mental disability medical condition genetic information membership or activity in a local human rights commission status with regard to public assistance or any other characteristic protected by law. We base all employment decisions--including recruitment selection training compensation benefits discipline promotions transfers lay-offs return from lay-off terminations and social/recreational programs--on valid job requirements.

If you need assistance accessing or reviewing the information on this website or need help submitting an application for employment or requesting an accommodation please contact us at [email protected] for further assistance.

Find out more about your rights as an applicant.

CrowdStrike participates in the E-Verify program.

Notice of E-Verify Participation

Right to Work

For detailed information about the U.S. benefits package please click here. 

What We Do

CrowdStrike has redefined security with the world’s most advanced cloud-native platform that protects and enables the people processes and technologies that drive modern enterprise. Tested and proven the world's largest organizations trust CrowdStrike to stop breaches with unparalleled protection against the most sophisticated cyberattacks. The CrowdStrike culture has been built upon our Core Values since the day we began. We are Fanatical About the Customer Relentlessly Focused on Innovation and believe that our Limitless Passion drives Unlimited Potential for every CrowdStriker. As a purpose-built remote-first company we believe cultivating a connected culture for every employee no matter where they are in the world is a key ingredient in building a high-performing diverse team. We don’t have a mission statement. We’re on a mission—to stop breaches. Ready to join a mission that matters?

Why Work With Us

We have a culture that celebrates achievement encourages flexibility and innovation and thrives on teamwork. We all work towards a single mission: to stop breaches. This common goal drives a sense of community and connection among our people across the globe.

Gallery