5 days ago

Senior Analyst, Third-Party Risk Management

DoorDash

Hybrid
Full Time
$165,000

Job Overview

Job Title: Senior Analyst, Third-Party Risk Management
Job Type: Full Time
Category: Commerce
Experience: 5 Years
Degree: Master
Offered Salary: $165,000
Location: Hybrid

Job Description

About The Team

Come help us build the world's most trusted on-demand logistics engine for delivery! We're building a team of great minds to help us secure and maintain a 24x7, no-downtime, global infrastructure system that powers DoorDash’s multi-sided marketplace of consumers, merchants, and drivers.

About The Role

The Governance, Risk, and Compliance (GRC) team at DoorDash is seeking a security-focused Senior Analyst, Third-Party Risk Management. If you are comfortable working in a highly motivated, fast-paced environment, taking ownership, and contributing to improving our security posture, we want to talk to you!

You will report to the Manager - GRC within our Security organization.

What You Will Do

  • Drive the continuous maturation of our TPRM program, transforming it into a proactive, strategic security partnership.
  • Architect and govern the security strategy for our BPO and contingent worker ecosystem: develop continuous security standards, implement and monitor robust technical controls, and ensure compliance through due diligence and regular audit cycles.
  • Pioneer and lead the Supplier Security AI Governance framework, evaluating critical third-party AI risks to ensure the secure implementation of AI tools across the business.
  • Establish and own core program governance and build a centralized reporting function, delivering actionable key metrics, risk dashboards, and progress updates to leadership.
  • Lead the end-to-end issues and remediation tracking process, ensuring accountability and timely closure of security findings.
  • Execute the core TPRM lifecycle (perform risk assessments, due diligence questionnaires, new vendor onboarding, contract reviews) and partner with internal SMEs to refine internal policies and frameworks for scale.
  • Maintain TPRM tools, artifacts, and reporting capabilities to provide visibility into supplier risk exposure and ensure timely identification and mitigation of risks.
  • Partner with risk domain SMEs (e.g., sourcing team, CorpSec, IT) to enhance and implement vendor risk management policy and procedures, leveraging TPRM tools and automation.

What We're Looking For

  • 7+ years of progressive experience in security-focused TPRM methodologies, including owning or successfully leading a TPRM program for a fast-paced, high-growth company.
  • Bachelor’s or Master’s degree in Information Security, Computer Science, Business Administration, or related field.
  • Experience with program building, conducting security and/or assurance audits, controls, and risk assessments, and remediation management.
  • Deep technical understanding and experience conducting comprehensive security risk and gap assessments of cloud, SaaS (including Artificial Intelligence (AI) solutions), and infrastructure vendors.
  • Proficiency in the technical review of core security assurance documentation (e.g., CAIQ, SIG, SOC 2 Type 2 reports, Penetration Test reports, ISO 27001, PCI-DSS).
  • Experience in the technical vetting of complex vendor solutions, including scrutiny of API integrations, security of cloud-native services (AWS/Azure/GCP), and assessing agentic/generative AI platforms.
  • Practical experience in assessing the unique risks associated with AI/ML models, including analysis of data provenance and model poisoning risks.
  • Experience with implementing major information security, privacy, and risk management frameworks (e.g., NIST, ISO, SOC 2).
  • Experience managing security and compliance programs across broad GRC disciplines within a complex, global public company environment.
  • Experience solving complex, systemic issues that require creative thinking and cross-functional collaboration.
  • Excellent verbal and written communication skills with the ability to effectively translate technical risk findings into a clear business context for diverse audiences.
  • CISA, CISSP, CISM or other industry certifications are a plus.

Compensation & Benefits

The national base pay range for this position within the United States is $132,600—$195,000 USD. In addition to base salary, compensation for this role includes opportunities for equity grants. DoorDash offers a comprehensive benefits package including 401(k) with employer matching, 16 weeks of paid parental leave, wellness benefits, commuter benefits, flexible paid time off/vacation, and paid sick leave.

Key skills/competency

  • Third-Party Risk Management (TPRM)
  • GRC (Governance, Risk, Compliance)
  • Security Assessment
  • AI Security Governance
  • Cloud Security
  • SaaS Security
  • Vendor Due Diligence
  • Risk Remediation
  • NIST/ISO/SOC 2 Frameworks
  • Security Audits

Tags:

Third-Party Risk Manager
TPRM
GRC
security assessment
AI security
vendor due diligence
risk management
compliance
audit
remediation
policy development
Cloud security
SaaS
AWS
Azure
GCP
AI/ML security
NIST
ISO 27001
SOC 2
PCI-DSS
CAIQ
SIG

How to Get Hired at DoorDash

  • Research DoorDash's culture: Study their mission, values, recent news, and employee testimonials on LinkedIn and Glassdoor.
  • Customize your resume for TPRM: Highlight 7+ years in Third-Party Risk Management, GRC, and AI security experience, using keywords from the job description.
  • Showcase technical security expertise: Emphasize experience with cloud/SaaS vendor assessments, AI/ML model risks, and security frameworks like NIST, ISO, SOC 2.
  • Prepare for behavioral questions: Demonstrate experience in leading programs, cross-functional collaboration, and translating technical risks into business context.
  • Highlight GRC certifications: Mention CISA, CISSP, or CISM to show commitment to governance, risk, and compliance best practices.
