Talent.com
Manager, Third-Party Risk Management - FedRAMP
No longer accepting applications
Autodesk • Remote, Kansas, USA
30+ days ago
Job type
  • Permanent
  • Remote
Job description

Position Overview

Autodesk’s Third-Party Risk Management (TPRM) team plays a vital role in identifying and assessing the technical security risks of third parties and in the downstream monitoring of Autodesk’s overall third-party risk posture. TPRM partners with ESE (IT), Implementation Engineering, Information Security Engineering, SaaS Security Engineering, Network Security Engineering, Procurement, Purchasing, Legal, Security, Privacy, the AI team, Vendor Management, and other group verticals to reduce security risks. A key priority is enabling our business leaders through education to address and mitigate technical third-party security risks.

You will oversee the entire third-party risk lifecycle, conducting robust technical due diligence during onboarding, performing comprehensive re-assessments, and managing off-boarding procedures. You will evaluate emerging risks introduced by technologies such as Artificial Intelligence (AI), Large Language Models (LLMs), data lakes, and data warehouses. You must collaborate across teams and influence decision-makers to mitigate risks while enabling secure business growth.

This is an exciting opportunity to drive innovation through developing risk quantification, use of cutting-edge tooling, and strategic partnerships within Autodesk’s vast and diverse global third-party ecosystem. This role will act as a people leader, program leader, and senior individual contributor all in one. As such, we are looking for someone who can balance wearing all three hats.

In accordance with U.S. government contracting and FedRAMP compliance obligations, this role requires U.S. citizenship or U.S. lawful permanent residency. Employment is contingent upon meeting all applicable government security and eligibility requirements.

Responsibilities

  • Establish team goals and work with direct reports on strategies for executing, measuring progress, and sharing results

  • Assessing technical security risks of third-party vendors during initial due diligence, integration, and re-assessment, focusing on technical trust risks (security, data privacy, resilience, trusted AI, and compliance risks)

  • Operating and improving Autodesk’s third-party risk management systems, including leveraging tools like OneTrust for workflows and developing models for risk quantification

  • Partner with Legal, Trust, and business owners to embed comprehensive Trust (security, privacy, resilience, trusted AI) requirements directly into contracts, ensuring alignment with policies and compliance frameworks (e.g., GDPR, CCPA, SOC2, NIST, etc.)

  • Liaising with high-risk vendors to understand their security posture, advocate for aligned improvements, and provide advisory on identified risks

  • Developing and maintaining processes that enhance the efficiency and scalability of third-party evaluations, continuous monitoring, and off-boarding procedures

  • Maintain a comprehensive third-party inventory and risk register, presenting findings, trends, and action plans to senior leadership

  • Working with internal teams to investigate and respond to third-party related security incidents, defining escalation procedures and remediation requirements

  • Responsible for the management of all employees on the team including staffing and scheduling, compensation, performance management, training and development

  • Attract, retain, and motivate the team to achieve management business objectives. Demonstrated leadership skills to train, develop and coach others in the execution of the program

  • Demonstrate 'critical thinking' to analyze complex workflows and big picture themes, make decisions and problem solve without requiring ongoing direction setting

  • Ability to problem solve and identify solutions to third-party risks that are appropriate based on business context and risk materiality

  • Passionate about rapid value creation through quick wins and long-term balanced value creation

  • A strong change manager with the tenacity to follow through to closure

  • Being a good communicator is crucial to the role as we look to paint exciting visuals for overall program designs and operating models to influence partners and leadership

Minimum Qualifications

  • 7+ years of progressive experience in performing technical third-party security reviews or in a principal technical risk assessor or GRC engineer role, preferably within a technology company

  • 3+ years of people leadership experience in a globally distributed, hybrid, or remote environment

  • Professional certifications such as CISSP, CCSP, CCSA, CISM, CIPP/US, CIPP/E, CIPM, CIPT

  • Hands-on experience with TPRM tools (e.g., OneTrust, ZenGRC, ServiceNow, BitSight, SecurityScorecard)

  • Familiarity with security concepts, including IAM, firewalls, APIs, vulnerabilities (CVE), software supply chain risks, data lakes and data warehouses

  • Proven ability with automation of processes through scripting, AI, or tooling

  • Strong verbal and written communication and stakeholder engagement skills with experience effectively communicating synchronously and asynchronously in a remote/hybrid environment

  • Proven ability to influence decision-makers and articulate complex technical risks and control concepts to non-technical stakeholders, including senior executives and audit committees

Preferred Qualifications

  • Experience negotiating vendor contracts and working to define Trust requirement (security, resilience, AI, privacy) clauses

  • Familiarity with and/or hands-on experience applying risk quantification frameworks (e.g., FAIR) and risk metrics in reporting

  • Experience building risk management programs leveraging automation, AI, and continuous monitoring techniques

  • Familiarity with AI concepts, tools, policies, and best practices, particularly concerning LLM security risks like prompt injection, training data poisoning, and insecure output handling

The Ideal Candidate

  • Growing and building the knowledge and capabilities of their direct reports to expand on our existing agile, innovative remote team culture

  • Shifting between the longer-term strategic vision of the program in collaboration with key stakeholders and delivering on day-to-day operational activities as an experienced and extremely knowledgeable senior individual contributor

About Autodesk

Welcome to Autodesk! Amazing things are created every day with our software – from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.

We take great pride in our culture here at Autodesk – it’s at the core of everything we do. Our culture guides the way we work and treat each other, informs how we connect with customers and partners, and defines how we show up in the world.

When you’re an Autodesker, you can do meaningful work that helps build a better world designed and made for all. Ready to shape the world and your future? Join us!

Benefits

From health and financial benefits to time away and everyday wellness, we give Autodeskers the best, so they can do their best work. Learn more about our benefits in the U.S. by visiting

Salary transparency

Salary is one part of Autodesk’s competitive compensation package. For U.S.-based roles, we expect a starting base salary between $136,000 and $243,210. Offers are based on the candidate’s experience and geographic location, and may exceed this range. In addition to base salaries, our compensation package may include annual cash bonuses, commissions for sales roles, stock grants, and a comprehensive benefits package.

Equal Employment Opportunity
