Job Requisition ID #
25WD86545
Position Overview
As a Trust GRC Analyst in the GRC & Privacy Operations team, you will be responsible for analyzing and streamlining operational tasks and processes to ensure Autodesk's protection and compliance with global regulations.
Responsibilities
- Perform third-party risk assessments (TPRM), which include integration reviews, Privacy Impact Assessments (PIA), supporting Privacy Incidents (PIM), responding to Requests for Information (RFI), contributing to the team's performance metrics, assisting with the Trust Risk Acceptance process, and supporting other programs that the team is or will be handling
- Work with multiple stakeholders across Autodesk to facilitate the Trust Risk Acceptance process by supporting day-to-day operations, analyzing, mitigating, and escalating exceptions as needed
- While performing these activities, you will be responsible for assessing security posture, identifying risks, and providing guidance on risk remediation
- Work with key stakeholders within Autodesk including Business owners, Privacy consultants, Application owners, Procurement, Legal and other business teams to complete risk assessments and to comply with audit requirements. Provide guidance on privacy and security improvements, as well as integration recommendations
- Support Autodesk's responsibility to protect our customers' personal data and ensure its proper use
- Enhance Autodesk's ability to protect its environment by designing, developing, and implementing security analytics, assessments, and response systems to optimize Autodesk's security investments
Want more jobs like this?
Get jobs in Bangalore, India delivered to your inbox every week.
Minimum Qualifications
- The preferred candidate will have 4-6 years of experience in third-party risk management, privacy assessment, network security, application security, and vulnerability management. Acceptable candidates will have 5-7 years general cybersecurity risk (all are encouraged to apply), risk management, or compliance
- Deep knowledge and understanding of security concepts on Endpoint Protection, Vulnerability Management, firewalls, network segmentation, Application security and infrastructure security
- The preferred candidate will understand how to assess the impact of various privacy and security risks along the NIST (National Institute of Standards and Technology) Cybersecurity framework. This includes but is not limited to:
- How to create a threat model
- How control works to mitigate a risk and understanding risk lifecycle.
- The essentials of cybersecurity tools such as endpoint protection, vulnerability management, firewalls, and network segmentation.
- An understanding of common criteria such as OWASP (Open Web Application Security Project) top 10.
- The preferred candidate will have experience reviewing and assessing global privacy requirements such as GDPR, CCPA, etc., SOC 2 attestations, and making recommendations from their findings
- Knowledge of the risk assessment process and control frameworks such as ISO 27002. Additional familiarity with compliance certification including SSAE 16, ISO27001, GDPR, etc. is required
- Knowledge of OWASP top 10 vulnerabilities
- Knowledge of network and internet architecture
- Excellent analytical skills, organizational skills, ingenuity, and the ability to work as part of a team
- Excellent communication skills and ability to deal with conflict and lead negotiations.
- Advanced interpersonal skills to effectively promote ideas and collaboration at the various levels of the organization
Preferred Qualifications
- Advanced interpersonal skills to effectively promote ideas and collaboration at various levels of the organization
- Experience implementing security controls
- Strong understanding of cloud environments
- Strong understanding of data classification and protection
- Strong project management skills and the ability to work cross-functionally across multiple teams
- Experience conducting security due diligence assessments
- Any of the following certifications are a plus: GIAC (various), Security+, CEH, Microsoft, ITIL
- CISSP (Certified Information System Security Professional) from ISC2 or the GSEC (GIAC Security Essentials Certification) from the SANS Institute or preferably author or contributor to a security tool
#LI-RV1
Learn More
About Autodesk
Welcome to Autodesk! Amazing things are created every day with our software - from the greenest buildings and cleanest cars to the smartest factories and biggest hit movies. We help innovators turn their ideas into reality, transforming not only how things are made, but what can be made.
We take great pride in our culture here at Autodesk - our Culture Code is at the core of everything we do. Our values and ways of working help our people thrive and realize their potential, which leads to even better outcomes for our customers.
When you're an Autodesker, you can be your whole, authentic self and do meaningful work that helps build a better future for all. Ready to shape the world and your future? Join us!
Salary transparency
Salary is one part of Autodesk's competitive compensation package. Offers are based on the candidate's experience and geographic location. In addition to base salaries, we also have a significant emphasis on discretionary annual cash bonuses, commissions for sales roles, stock or long-term incentive cash grants, and a comprehensive benefits package.
Diversity & Belonging
We take pride in cultivating a culture of belonging and an equitable workplace where everyone can thrive. Learn more here: https://www.autodesk.com/company/diversity-and-belonging
Are you an existing contractor or consultant with Autodesk?
Please search for open jobs and apply internally (not on this external site).