
Vendor Risk Management Specialist – Cybersecurity
Acuity
full-time
Location Type: Hybrid
Location: 🇺🇸 United States
Salary
💰 $55,300 - $99,500 per year
Job Level
Junior
Tech Stack
Cyber Security
About the role
- Assist in advancing Acuity’s IT Vendor Risk Management program.
- Conduct Vendor Security Reviews (VSRs) for all existing and newly onboarded third-party technology vendors.
- Prepare and present risk assessments, findings, and recommendations to business stakeholders.
- Maintain a centralized repository of third-party vendors & technologies to monitor risk and compliance.
- Act as a liaison between the Security team and departments such as Legal, Sourcing, HR, and IT.
- Contribute to the development and continuous improvement of VRM-related policies and procedures.
- Assist the Acuity Privacy with the management of Employee and Customer data.
- Assist in the management of Data Subject Access Requests (DSAR).
- Assist in the mapping and management of Acuity’s PI/PII relevant data stores.
Requirements
- Bachelor’s degree in Information Technology, Cybersecurity, or Governance, Risk & Compliance (GRC); or equivalent experience.
- Solid understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST, SOC 2, SOX).
- Familiarity with global privacy regulations (e.g., GDPR, CCPA/CPRA).
- Strong written and verbal communication skills.
- Proficiency in Microsoft Office tools.
- Excellent time management, problem-solving, and ability to follow structured processes.
- Professional certifications in Cybersecurity, GRC, or Vendor Risk Management (Preferred).
- Experience working in a large enterprise environment (Preferred).
- Hands-on experience with VRM platforms such as ProcessUnity or similar (Preferred).
- Familiarity with vendor risk monitoring tools like BitSight or equivalent (Preferred).
Benefits
- health care
- dental coverage
- vision plans
- 401K benefits
- commissions/incentive compensation
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
- cybersecurity frameworks
- ISO 27001
- NIST
- SOC 2
- SOX
- Vendor Risk Management
- Data Subject Access Requests
- PII management
- risk assessments
- compliance monitoring
Soft skills
- written communication
- verbal communication
- time management
- problem-solving
- structured processes
Certifications
- Cybersecurity certification
- GRC certification
- Vendor Risk Management certification