Establish team goals and work with direct reports on strategies for executing, measuring progress, and sharing results
Assess technical security risks of third-party vendors during initial due diligence, integration, and re-assessment, focusing on technical trust risks (security, data privacy, resilience, trusted AI, and compliance risks)
Operate and improve Autodesk’s third-party risk management systems, including leveraging tools like OneTrust for workflows and developing models for risk quantification
Partner with Legal, Trust, and business owners to embed comprehensive Trust (security, privacy, resilience, trusted AI) requirements directly into contracts, ensuring alignment with policies and compliance frameworks (e.g., GDPR, CCPA, SOC2, NIST)
Liaise with high-risk vendors to understand their security posture, advocate for aligned improvements, and provide advisory on identified risks
Develop and maintain processes that enhance the efficiency and scalability of third-party evaluations, continuous monitoring, and off-boarding procedures
Maintain a comprehensive third-party inventory and risk register, presenting findings, trends, and action plans to senior leadership
Work with internal teams to investigate and respond to third-party-related security incidents, defining escalation procedures and remediation requirements
Manage all employees on the team, including staffing and scheduling, compensation, performance management, and training and development
Requirements
7+ years of progressive experience performing technical third-party security reviews, or in a principal technical risk assessor or GRC engineer role, preferably within a technology company
3+ years of people leadership experience in a globally distributed, hybrid, or remote environment
Professional certifications such as CISSP, CCSP, CCSA, CISM, CIPP/US, CIPP/E, CIPM, or CIPT
Familiarity with security concepts, including IAM, firewalls, APIs, vulnerabilities (CVE), software supply chain risks, data lakes and data warehouses
Proven ability with automation of processes through scripting, AI, or tooling
Strong verbal and written communication and stakeholder engagement skills with experience effectively communicating synchronously and asynchronously in a remote/hybrid environment
Proven ability to influence decision-makers and articulate complex technical risks and control concepts to non-technical stakeholders, including senior executives and audit committees