Autodesk
Overview
Position Overview
Autodesk’s Third-Party Risk Management (TPRM) team identifies, assesses, and monitors Autodesk’s third-party risk posture. TPRM partners with ESE (IT), Procurement, Purchasing, Legal, Trust, Vendor Management, and other group verticals to reduce risk. A key priority is enabling business leaders through education to address and mitigate third-party risks. You will oversee the entire third-party risk lifecycle, conducting robust due diligence during onboarding, performing comprehensive re-assessments, and managing offboarding procedures. You will evaluate emerging risks introduced by technologies such as Artificial Intelligence (AI), Large Language Models (LLMs), data lakes, and data warehouses. You must collaborate across teams and influence decision-makers to mitigate risks while enabling secure business growth. This is an exciting opportunity to drive innovation through developing risk quantification, using cutting-edge tooling, and building strategic partnerships within Autodesk’s global third-party ecosystem.
Responsibilities
- Establish team goals and work with direct reports on strategies for executing, measuring progress, and sharing results
- Assess third-party vendors during due diligence and re-assessment, focusing on trust risks (security, data privacy, resilience, trusted AI, and compliance risks)
- Operate and improve Autodesk’s third-party risk management systems, including leveraging tools like OneTrust for workflows and developing models for risk quantification
- Partner with Legal, Trust, and business owners to embed comprehensive Trust (security, privacy, resilience, trusted AI) requirements directly into contracts, ensuring alignment with policies and compliance frameworks (e.g., GDPR, CCPA, SOC2, NIST, etc.)
- Liaise with high-risk vendors to understand their security posture, advocate for aligned improvements, and provide advisory on identified risks
- Develop and maintain processes that enhance the efficiency and scalability of third-party evaluations, continuous monitoring, and offboarding procedures
- Maintain a comprehensive third-party risk register and present findings, trends, and action plans for senior leadership
- Work with internal teams to investigate and respond to third-party related security incidents, defining escalation procedures and remediation requirements
- Manage all employees in the section including staffing and scheduling, compensation, performance management, training and development
- Attract, retain, and motivate the team to achieve management business objectives.
- Demonstrated leadership skills to train, develop and coach others in the execution of the program
- Actively mentor and train teammates on Third-Party Risk Management processes, governance, and frameworks
- Generate innovative ideas and challenge the status quo
- Demonstrate critical thinking to analyze complex workflows and big-picture themes, make decisions, and solve problems without ongoing direction setting
- Identify solutions to third-party risks that are appropriate based on business context and risk materiality
- Drive rapid value creation through quick wins and long-term balanced value creation
- Exhibit strong change management with the tenacity to follow through to closure
- Communicate effectively to paint visuals for program designs and operating models to influence partners and leadership
Minimum Qualifications
- 7+ years of progressive experience in third-party security or as a principal third-party security assessor, or GRC engineer role, preferably within a technology company
- 3+ years of people leadership experience in a globally distributed, hybrid, or remote environment
- Professional certifications such as CISSP, CCSP, CCSA, CISM, CIPP/US, CIPP/E, CIPM, CIPT
- Hands-on experience with TPRM tools (e.g., OneTrust, ZENGRC, ServiceNOW, BitSight, SecurityScorecard)
- Familiarity with security concepts, including IAM, firewalls, APIs, vulnerabilities (CVE), software supply chain risks, data lakes and data warehouses
- Proven ability with automation of processes through scripting, AI, or tooling
- Strong verbal and written communication and stakeholder engagement skills with experience effectively communicating synchronously and asynchronously in a remote/hybrid environment
- Proven ability to influence decision-makers and articulate complex technical risks and control concepts to non-technical stakeholders, including senior executives and audit committees
Preferred Qualifications
- Experience negotiating vendor contracts and defining Trust requirements (security, resilience, AI, privacy) clauses
- Familiarity with risk quantification frameworks (e.g., FAIR) and risk metrics in reporting
- Experience building risk management programs leveraging automation, AI, and continuous monitoring techniques
- Familiarity with AI concepts, tools, policies, and best practices, particularly concerning LLM security risks like prompt injection, training data poisoning, and insecure output handling
About Autodesk
Welcome to Autodesk! Amazing things are created every day with our software—from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made. We take pride in our culture here at Autodesk – it guides the way we work, how we connect with customers and partners, and how we show up in the world. When you’re an Autodesker, you can do meaningful work that helps build a better world designed and made for all. Ready to shape the world and your future? Join us!
Benefits
From health and financial benefits to time away and everyday wellness, we provide Autodeskers the resources to do their best work. Learn more about our benefits in the U.S. at benefits.autodesk.com.
Salary transparency
Salary is one part of Autodesk’s competitive compensation package. For U.S.-based roles, the starting base salary range is typically disclosed. Offers are based on experience and location and may exceed this range. In addition to base salaries, compensation may include annual cash bonuses, stock grants, and a comprehensive benefits package.
Equal Employment Opportunity
Autodesk is an equal opportunity employer and considers all qualified applicants for employment without regard to race, color, religion, age, sex, sexual orientation, gender identity, national origin, disability, veteran status or any other legally protected characteristic. We also consider all qualified applicants regardless of criminal histories, consistent with applicable law.
Diversity & Belonging
We cultivate a culture of belonging where everyone can thrive. Learn more at Autodesk’s Diversity & Belonging pages.