Systems Engineer, Information Security -Third Party Risk Management

About The Position

Requirements

• Typically four to seven years' experience in a third party risk management, vendor management, or cyber risk management role in a mid- to large-enterprise environment.
• Solid task estimation, planning and execution skills.
• Solid problem solving, domain technical and analytical skills.
• Solid skills in risk assessment methodologies and vendor evaluation techniques.
• Solid knowledge of one or more of the following functional areas: Third Party Risk Management Program implementation and operations, including vendor onboarding, due diligence, continuous monitoring, and offboarding.
• Understanding of common security domains such as Infrastructure and Network Security, Application Security, and Data Protection to effectively evaluate vendor security controls.
• Knowledge of relevant industry standards and compliance frameworks (e.g., SOC 2, ISO 27001, NIST, PCI DSS).
• Formal Risk Management experience, including risk identification, scoring, and reporting.

Nice To Haves

• Experience with OneTrust, Ariba Contract Management, BitSight Continuous Monitoring.
• Bachelor's degree in Computer Science, Information Systems, or a related field.
• Understanding of, and experience with, scripting or coding languages and generative AI to assist in process automation.

Responsibilities

• Participate in any and potentially all roles of the third party risk management life cycle.
• Responsible for the assessment of third-party security controls, services, and architecture to ensure they meet AutoZone's security requirements.
• Identify security concerns and mitigating controls; identify, document, and manage risks to AutoZone data, systems, and processes arising from third-party relationships.
• Accurate work planning and execution; accurate project and time tracking.
• Teaching, coaching, and technical mentoring on third party risk management subject matter to less senior analysts and business stakeholders.