Vendor Risk Management Specialist - Cybersecurity

Req ID:  12378
Work Flexibility:  Hybrid

Acuity Inc. (NYSE: AYI) is a market-leading industrial technology company. We use technology to solve problems in spaces, light and more things to come. Through our two business segments, Acuity Brands Lighting (ABL) and Acuity Intelligent Spaces (AIS), we design, manufacture, and bring to market products and services that make a valuable difference in people’s lives. 

We achieve growth through the development of innovative new products and services, including lighting, lighting controls, building management solutions, and an audio, video and control platform. We focus on customer outcomes and drive growth and productivity to increase market share and deliver superior returns. We look to aggressively deploy capital to grow the business and to enter attractive new verticals. 

Acuity Inc. is based in Atlanta, Georgia, with operations across North America, Europe and Asia. The Company is powered by approximately 13,000 dedicated and talented associates. Visit us at www.acuityinc.com

 

Work location:

  • This position may be based anywhere in the United States and includes travel as part of the responsibilities.
  • This position requires on-site presence in Remote US-Non Cali, following a hybrid work model.
  • This position requires on-site presence in Remote US-Non Cali, must report to the office every business day.

 

Job Summary

The Vendor Risk Manager Specialist will assist the Cyber GRC VRM team in processing existing and new technology. This role is critical to ensuring third-party technology partners meet Acuity’s security and compliance standards. You will collaborate across departments, conduct Vendor Security Reviews (VSRs), and help shape our IT Vendor/3rd Party risk management policies & procedures.

Key Tasks & Responsibilities (Essential Functions)

Vendor Risk Management
•    Assist in advancing Acuity’s IT Vendor Risk Management program.
•    Conduct Vendor Security Reviews (VSRs) for all existing and newly onboarded third-party technology vendors.
•    Prepare and present risk assessments, findings, and recommendations to business stakeholders.
•    Maintain a centralized repository of third-party vendors & technologies to monitor risk and compliance.
•    Act as a liaison between the Security team and departments such as Legal, Sourcing, HR, and IT.
•    Contribute to the development and continuous improvement of VRM-related policies and procedures.

Privacy
•    Assist the Acuity Privacy team with the management of Employee and Customer data.
•    Assist in the management of Data Subject Access Requests (DSAR).
•    Assist in the mapping and management of Acuity’s PI/PII relevant data stores.

Skills and Minimum Experience Required

Required Qualifications
•    Bachelor’s degree in Information Technology, Cybersecurity, or Governance, Risk & Compliance (GRC); or equivalent experience.
•    Solid understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST, SOC 2, SOX).
•    Familiarity with global privacy regulations (e.g., GDPR, CCPA/CPRA).
•    Strong written and verbal communication skills.
•    Proficiency in Microsoft Office tools.
•    Excellent time management, problem-solving, and ability to follow structured processes.

Preferred Qualifications
•    Professional certifications in Cybersecurity, GRC, or Vendor Risk Management.
•    Experience working in a large enterprise environment.
•    Hands-on experience with VRM platforms such as ProcessUnity or similar.
•    Familiarity with vendor risk monitoring tools like BitSight or equivalent.

Why Work for Acuity
•    At Acuity, you’ll join a cybersecurity organization that is recognized for its strategic importance, investment in people, and commitment to innovation. Our cybersecurity program is not just about protecting assets—it’s about enabling the business, building trust with our customers, and empowering our associates to thrive in a rapidly evolving digital landscape.
•    Culture of Learning and Collaboration: We foster a culture that prioritizes continuous learning, knowledge sharing, and cross-functional teamwork as core values. You’ll collaborate with experts in Legal, HR, Product Security, Engineering, and more, ensuring your work is always relevant and impactful. 
•    People-Focused Values: Acuity is a values-driven organization. We believe in integrity, curiosity, and creating an environment where the best people come to do their best work. Our leadership is committed to attracting, developing, and retaining top talent, and we celebrate the diverse perspectives and backgrounds of our team members.

Join Acuity and help us build a safer, smarter, and more resilient future—where your expertise and passion for cybersecurity will make a real difference.


The range for this position is $55,300.00 to $99,500.00. Placement within this range may vary, depending on the applicant’s experience and geographic location. Acuity offers generous benefits including health care, dental coverage, vision plans, 401K benefits, and commissions/incentive compensation depending on the role.

 

We value diversity and are an equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, age, gender, sexual orientation, gender identity and expression, ethnicity or national origin, disability, pregnancy, religion, covered veteran status, protected genetic information, or any other characteristic protected by law.

 

 

Accommodation for Applicants with Disabilities:  As an equal opportunity employer, Acuity Inc. is committed to providing reasonable accommodations in its application process for qualified individuals with disabilities and disabled veterans. If you have difficulty using our online system due to a disability and need an accommodation, you may contact us at (770) 922-9000, select option 4.  Please clearly indicate what type of accommodation you are requesting and for what requisition.  

  

Any unsolicited resumes sent to Acuity Inc. from a third party, such as an Agency recruiter, including unsolicited resumes sent to an Acuity Inc. mailing address, fax machine or email address, directly to Acuity Inc. employees, or to Acuity Inc. resume database will be considered Acuity Inc. property. Acuity Inc. will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume. 

 

  

Acuity Inc. will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees. This includes any Agency that is an approved/engaged vendor, but does not have the appropriate approvals to be engaged on a search. 

 

 

 

 

 


Nearest Major Market: Atlanta

Job Segment: Compliance, Cyber Security, Machinist, Risk Management, Database, Legal, Security, Manufacturing, Finance, Technology
