Senior Trust Risk Analyst

Senior Trust Risk Analyst

Job Requisition ID # 25WD86241

Position Overview

The Risk team in the Trust organization is responsible for implementing and maintaining a world class Trust Risk (Security, Privacy, Resilience, Trusted AI, Supply Chain) program, supporting our product, engineering, and operations to enable risk-based decision making and prioritization in support of our commitment to being a trusted partner to our customers and communities. As a Sr. Trust Risk Analyst, you will be responsible for identifying and managing trust risks across Autodesk’s environment and critical business functions.

You will be a key input to stakeholders as they set out to foster trust from a security, privacy, Trusted AI, supply chain, and a resilience standpoint by providing insights into the risk/reward balance. You will facilitate the trust risk management process and help determine our trust risk posture on a global scale! You will build and implement trust risk management techniques, assessments, dashboards, guidelines, standards, and policies. You will champion trust risk management through cross-functional collaboration with stakeholders. You will improve our trust risk posture by aligning our processes with industry-best practices and frameworks and the implementation of risk reducing controls.

Responsibilities

• Partner with stakeholders and your team to develop capability roadmaps, identify and deliver key results to achieve roadmap milestones.
• Facilitate risk management activities for trust.
• Document and report on results of risk assessments to various levels of leadership.
• Collaborate with all levels of leadership within Trust, engineering, product teams, and other business areas to identify and assess risk, track mitigations, and monitor Autodesk controls through risk prioritization.
• Analyze process, documentation, and workflows to develop gap analysis and identify and prioritize process improvements.
• Establish key risk indicators (KRIs) and metrics to monitor the Trust risk posture of the company.
• Identification of key risks and opportunities followed by thorough analysis to develop proposed recommendations for risk optimization.
• Develop industry-specific expertise to develop value-add insights risk engagements.
• Assess risk and trust posture across the organization, using a mix of quantitative and qualitative factors.
• Demonstrable ability to influence, advise and challenge the business on security assumptions.
• Assess and drive improvement of trust risk posture across a diverse set of services and technologies in the context of building a trusted platform architecture.
• Partner with the risk owners to drive alignment on the remediation timelines and expectations for risk treatment plans.

Minimum Qualifications

• 5 years of security risk management background, especially in the fields of SaaS security, privacy, resilience, ethical AI, and cloud platform security (IaaS, PaaS).
• Working knowledge of Governance, Risk, and Compliance tools.
• Experience reporting on risks and program operations to management.
• Experience recommending mitigating controls and driving risk remediation.
• Strong cross-functional skills, specifically gaining alignment with teams outside of initial sphere of influence and gaining buy-in.
• Experience with cloud computing, AWS (Amazon Web Services), Azure, or GCP (Google Cloud Platform) and their security services/technologies.
• Strong understanding of IAM, data protection, logging & monitoring, vulnerability management, threat detection & prevention, and IT integration.

Preferred Qualifications

• 5-7 years in a combination of risk management, technology or audit management.
• Ability to program/script for automations in at least one language; Python, GO, JavaScript, Bash, or PowerShell.
• CISSP, CRISC, OSCP, CISA, CISM, CIPP/US, CIPP/E, or other related cybersecurity certifications desirable but not required.
• Working knowledge of risk appetite, tolerance, limits, variance, and trade-offs.
• Familiarity with common risk frameworks such as NIST, ISO, CIS RAM, etc.
• Consulting experience a plus.
• Excellent analytical and organizational skills combined with the ambition, ingenuity and the ability to work as part of a team.
• Education: Bachelor’s degree. Masters a plus.

The Ideal candidate

• You are accountable. You take ownership of your engagements and see them through from identification to monitoring and reporting.
• You are smart. Proven ability to identify and assess business risks and controls, perform root cause analysis and work with business partners to develop practical recommendations to optimize risks.
• You are innovative. You know that there is no single way or one-size-fits-all.
• You take into account inputs and constraints to devise a path to meeting objectives.
• You have high integrity. You are honest and transparent and do not hesitate to go above and beyond for our customers, employees, and partners.