Systems Engineer, Information Security -third Party Risk Management

Job Description

This position is responsible for the development, maintenance, and execution of AutoZone's Third Party Risk Management (TPRM) program.

Primary responsibilities include program management of the TPRM lifecycle, to include conducting due diligence, assessing and monitoring the security posture of third-party vendors and partners, contract risk analysis, and driving risk mitigation efforts.

This also includes teaching domain expertise, providing technical guidance and mentoring, supporting internal business partners, resolving problems, and training as required.

Responsibilities



* Participate in any and potentially all roles of the third party risk management life cycle.

Roles may vary by project and assignment.

This may include, but is not limited to:


* Responsible for the assessment of third-party security controls, services, and architecture to ensure they meet AutoZone's security requirements.


* Identify security concerns and mitigating controls; identify, document, and manage risks to AutoZone data, systems, and processes arising from third-party relationships.


* Accurate work planning and execution; accurate project and time tracking.


* Teaching, coaching, and technical mentoring on third party risk management subject matter to less senior analysts and business stakeholders.

Qualifications



* Typically four to seven years' experience in a third party risk management, vendor management, or cyber risk management role in a mid- to large-enterprise environment.


* Solid task estimation, planning and execution skills.


* Solid problem solving, domain technical and analytical skills.


* Solid skills in risk assessment methodologies and vendor evaluation techniques.


* Solid knowledge of one or more of the following functional areas
o Third Party Risk Management Program implementation and operations, including vendor onboarding, due diligence, continuous monitoring, and offboarding.
o Understanding of common security domains such as Infrastructure and Network Security, Application Security, and Data Protection to effectively evaluate vendor security controls.
o Knowledge of relevant industry standards and compliance frameworks (e.g., SOC 2, ISO 27001, NIST, PCI DSS).
o Formal Risk Management experience, including risk identification, scoring, and reporting.


* Preferred: Experience with OneTrust, Ariba Contract Management, BitSight Continuous Monitoring


* Preferred: Bachelor's degree in Computer Science, Information Systems, or a related field.


* Preferred: Understanding of, and experience with, scripting or coding languages and generative AI to assist in process automation.

About Autozone

Since opening our first store in 1979, AutoZone has grown into a leading retailer and distributor of automotive parts and accessories across the Americas.

Our customer-first mindset and commitment to Going the Extra Mile define who we are, for both our c...