Manager, Third-Party Risk Management - FedRAMP jobs in United States

Autodesk · 1 day ago

Manager, Third-Party Risk Management - FedRAMP

Autodesk is a company that creates innovative software for various industries. They are seeking a Manager for their Third-Party Risk Management team to oversee the risk lifecycle of third-party vendors, conduct technical due diligence, and collaborate across teams to mitigate security risks while enabling business growth.
3D Printing, Construction, Software, Manufacturing, Architecture & Design, 3D Technology, Architecture, Software Engineering
No H1B; U.S. Citizen Only

Responsibilities

Establish team goals and work with direct reports on strategies for executing, measuring progress, and sharing results
Assessing technical security risks of third-party vendors during initial due diligence, integration, and re-assessment, focusing on technical trust risks (security, data privacy, resilience, trusted AI, and compliance risks)
Operating and improving Autodesk’s third-party risk management systems, including leveraging tools like OneTrust for workflows and developing models for risk quantification
Partner with Legal, Trust, and business owners to embed comprehensive Trust (security, privacy, resilience, trusted AI) requirements directly into contracts, ensuring alignment with policies and compliance frameworks (e.g., GDPR, CCPA, SOC2, NIST, etc.)
Liaising with high-risk vendors to understand their security posture, advocate for aligned improvements, and provide advisory on identified risks
Developing and maintaining processes that enhance the efficiency and scalability of third-party evaluations, continuous monitoring, and off-boarding procedures
Maintain a comprehensive third-party inventory and risk register, presenting findings, trends, and action plans to senior leadership
Working with internal teams to investigate and respond to third-party related security incidents, defining escalation procedures and remediation requirements
Responsible for the management of all employees on the team including staffing and scheduling, compensation, performance management, training and development
Attract, retain, and motivate the team to achieve management business objectives. Demonstrated leadership skills to train, develop, and coach others in the execution of the program
Demonstrate 'critical thinking' to analyze complex workflows and big picture themes, make decisions and problem solve without requiring ongoing direction setting
Ability to problem solve and identify solutions to third party risks that are appropriate based on business context and risk materiality
Passionate about rapid value creation through quick wins and long-term balanced value creation
A strong change manager with the tenacity to follow through to closure
Being a good communicator is crucial to the role as we look to paint exciting visuals for overall program designs and operating models to influence partners and leadership

Qualification

Technical risk assessment, Third-party risk management, People leadership, Risk quantification, CISSP certification, TPRM tools experience, Security concepts knowledge, Automation skills, Change management, Communication skills, Critical thinking, Problem-solving

Required

7+ years of progressive experience in performing technical third-party security reviews or as a principal technical risk assessor, or GRC engineer role, preferably within a technology company
3+ years of people leadership experience in a globally distributed, hybrid, or remote environment
Professional certifications such as CISSP, CCSP, CCSA, CISM, CIPP/US, CIPP/E, CIPM, CIPT
Hands-on experience with TPRM tools (e.g., OneTrust, ZENGRC, ServiceNOW, BitSight, SecurityScorecard)
Familiarity with security concepts, including IAM, firewalls, APIs, vulnerabilities (CVE), software supply chain risks, data lakes and data warehouses
Proven ability with automation of processes through scripting, AI, or tooling
Strong verbal and written communication and stakeholder engagement skills with experience effectively communicating synchronously and asynchronously in a remote/hybrid environment
Proven ability to influence decision-makers and articulate complex technical risks and control concepts to non-technical stakeholders, including senior executives and audit committees

Preferred

Experience negotiating vendor contracts and working to define Trust requirement (security, resilience, AI, privacy) clauses
Familiarity with and/or hands-on experience applying risk quantification frameworks (e.g., FAIR) and risk metrics in reporting
Experience building risk management programs leveraging automation, AI, and continuous monitoring techniques
Familiarity with AI concepts, tools, policies, and best practices, particularly concerning LLM security risks like prompt injection, training data poisoning, and insecure output handling

Benefits

Health and financial benefits
Time away
Everyday wellness
Annual cash bonuses
Commissions for sales roles
Stock grants
A comprehensive benefits package

Company

Autodesk

Autodesk develops 3D design software for use in the architecture, engineering, construction, and media industries.

Funding

Current Stage: Public Company
Total Funding: $1.5B
Key Investors: Citibank, OK Blockchain Capital
2025-07-01: Acquired
2025-05-08: Post-IPO Debt · $1.5B
2020-08-25: Seed

Leadership Team

Janesh Moorjani
CFO
Amy Bunszel
Executive Vice President, Architecture, Engineering and Construction
Company data provided by crunchbase