About the Role
Autodesk’s Third-Party Risk Management (TPRM) team plays a vital role in identifying and assessing the technical security risks of third parties, and in the downstream monitoring of Autodesk’s overall third-party risk posture. TPRM partners with ESE (IT), Implementation Engineering, Information Security Engineering, SaaS Security Engineering, Network Security Engineering, Procurement, Purchasing, Legal, Security, Privacy, the AI team, Vendor Management, and other groups to reduce security risks. A key priority is enabling our business leaders, through education, to address and mitigate technical third-party security risks.
You will oversee the entire third-party risk lifecycle, conducting robust technical due diligence during onboarding, performing comprehensive re-assessments, and managing off-boarding procedures. You will evaluate emerging risks introduced by technologies such as Artificial Intelligence (AI), Large Language Models (LLMs), data lakes, and data warehouses. You must collaborate across teams and influence decision-makers to mitigate risks while enabling secure business growth.
About
This is an exciting opportunity to drive innovation by developing risk quantification, using cutting-edge tooling, and building strategic partnerships within Autodesk’s vast and diverse global third-party ecosystem. This role combines people leader, program leader, and senior individual contributor in one. As such, we are looking for someone who can balance wearing all three hats and is excited about:
- Growing the knowledge and capabilities of their direct reports to build on our existing agile, innovative, remote team culture
- Shifting between the longer-term strategic vision of the program, developed in collaboration with key stakeholders, and delivering on day-to-day operational activities as an experienced and highly knowledgeable senior individual contributor
Responsibilities
- Establish team goals and work with direct reports on strategies for executing, measuring progress, and sharing results
- Assess the technical security risks of third-party vendors during initial due diligence, integration, and re-assessment, focusing on technical trust risks (security, data privacy, resilience, trusted AI, and compliance)
- Operate and improve Autodesk’s third-party risk management systems, including leveraging tools like OneTrust for workflows and developing models for risk quantification
- Partner with Legal, Trust, and business owners to embed comprehensive Trust requirements (security, privacy, resilience, trusted AI) directly into contracts, ensuring alignment with policies and compliance frameworks (e.g., GDPR, CCPA, SOC 2, NIST)
- Liaise with high-risk vendors to understand their security posture, advocate for aligned improvements, and advise on identified risks
- Develop and maintain processes that enhance the efficiency and scalability of third-party evaluations, continuous monitoring, and off-boarding procedures
- Maintain a comprehensive third-party inventory and risk register, presenting findings, trends, and action plans to senior leadership
- Work with internal teams to investigate and respond to third-party-related security incidents, defining escalation procedures and remediation requirements
- Manage all employees on the team, including staffing and scheduling, compensation, performance management, and training and development
- Attract, retain, and motivate the team to achieve business objectives; demonstrate the leadership skills to train, develop, and coach others in executing the program
- Apply critical thinking to analyze complex workflows and big-picture themes, make decisions, and solve problems without requiring ongoing direction
- Identify solutions to third-party risks that are appropriate to the business context and the materiality of the risk
- Pursue rapid value creation through quick wins, balanced with long-term value creation
- Drive change with the tenacity to follow through to closure
- Communicate clearly; the role depends on presenting compelling program designs and operating models to influence partners and leadership
Requirements
In accordance with U.S. government contracting and FedRAMP compliance obligations, this role requires U.S. citizenship or U.S. lawful permanent residency. Employment is contingent upon meeting all applicable government security and eligibility requirements.
Minimum Qualifications
- 7+ years of progressive experience performing technical third-party security reviews, or in a principal technical risk assessor or GRC engineer role, preferably within a technology company
- 3+ years of people leadership experience in a globally distributed, hybrid, or remote environment
- Professional certifications such as CISSP, CCSP, CCSA, CISM, CIPP/US, CIPP/E, CIPM, CIPT
- Hands-on experience with TPRM tools (e.g., OneTrust, ZenGRC, ServiceNow, BitSight, SecurityScorecard)
- Familiarity with security concepts, including IAM, firewalls, APIs, vulnerabilities (CVEs), software supply chain risks, data lakes, and data warehouses
- Proven ability with automation of processes through scripting, AI, or tooling
- Strong verbal and written communication and stakeholder engagement skills with experience effectively communicating synchronously and asynchronously in a remote/hybrid environment
- Proven ability to influence decision-makers and articulate complex technical risks and control concepts to non-technical stakeholders, including senior executives and audit committees
Preferred Qualifications
- Experience negotiating vendor contracts and defining Trust requirement clauses (security, resilience, AI, privacy)
- Familiarity with and/or hands-on experience applying risk quantification frameworks (e.g., FAIR) and risk metrics in reporting
- Experience building risk management programs leveraging automation, AI, and continuous monitoring techniques
- Familiarity with AI concepts, tools, policies, and best practices, particularly LLM security risks such as prompt injection, training data poisoning, and insecure output handling
About the Company
Autodesk is changing how the world is designed and made.
Our technology spans architecture, engineering, construction, product design, manufacturing, and media and entertainment. We empower innovators everywhere to solve challenges, big and small. From greener buildings to smarter products and more mesmerizing blockbusters, Autodesk software helps our customers design and make a better world for all.
Over 100 million people use Autodesk software, like AutoCAD, Revit, Maya, 3ds Max, Fusion, SketchBook, and more, to unlock their creativity and solve important design, business, and environmental challenges. Our software runs on both personal computers and mobile devices. It taps the infinite computing power of the cloud to help teams around the world collaborate, design, simulate, and fabricate their ideas in 3D.
We provide exceptional compensation and benefit packages, and we’d love for you to join us. We’re proud to be an equal opportunity employer, and we consider all qualified applicants without regard to race, gender, disability, veteran status, or other protected category. To see our culture in action, check out #AutodeskLife.
We are headquartered in the San Francisco Bay Area and have over 10,000 employees worldwide.