Vendor Risk Management Specialist - Cybersecurity

Acuity Inc. (NYSE: AYI) is a market-leading industrial technology company. We use technology to solve problems in spaces, light and more things to come. Through our two business segments, Acuity Brands Lighting (ABL) and Acuity Intelligent Spaces (AIS), we design, manufacture, and bring to market products and services that make a valuable difference in peopleu2019s lives. We achieve growth through the development of innovative new products and services, including lighting, lighting controls, building management solutions, and an audio, video and control platform. We focus on customer outcomes and drive growth and productivity to increase market share and deliver superior returns. We look to aggressively deploy capital to grow the business and to enter attractive new verticals. Acuity Inc. is based in Atlanta, Georgia, with operations across North America, Europe and Asia. The Company is powered by approximately 13,000 dedicated and talented associates. Visit us at . Work location: + This position may be based anywhere in the United States and includes travel as part of the responsibilities. + This position requires on-site presence in Remote US-Non Cali, following a hybrid work model. + This position requires on-site presence in Remote US-Non Cali, must report to the office every business day. Job Summary The Vendor Risk Manager Specialist will assist the Cyber GRC VRM team in processing existing and new technologyThis role is critical to ensuring third-party technology partners meet Acuityu2019s security and compliance standards. You will collaborate across departments, conduct Vendor Security Reviews (VSRs), and help shape our IT Vendor/3rd Party risk management policies & procedures. Key Tasks & Responsibilities (Essential Functions) Vendor Risk Management u2022 Assist in advancing Acuityu2019s IT Vendor Risk Management program. u2022 Conduct Vendor Security Reviews (VSRs) for all existing and newly onboarded third-party technology vendors. u2022 Prepare and present risk assessments, findings, and recommendations to business stakeholders. u2022 Maintain a centralized repository of third-party vendors & technologies to monitor risk and compliance. u2022 Act as a liaison between the Security team and departments such as Legal, Sourcing, HR, and IT. u2022 Contribute to the development and continuous improvement of VRM-related policies and procedures. Privacy u2022 Assist the Acuity Privacy with the management of Employee and Customer data. u2022 Assist in the management of Data Subject Access Requests (DSAR). u2022 Assist in the mapping and management of Acuityu2019s PI/PII relevant data stores. Skills and Minimum Experience Required Required Qualifications u2022 Bacheloru2019s degree in Information Technology, Cybersecurity, or Governance, Risk & Compliance (GRC); or equivalent experience. u2022 Solid understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST, SOC 2, SOX). u2022 Familiarity with global privacy regulations (e.g., GDPR, CCPA/CPRA). u2022 Strong written and verbal communication skills. u2022 Proficiency in Microsoft Office tools. u2022 Excellent time management, problem-solving, and ability to follow structured processes. Preferred Qualifications u2022 Professional certifications in Cybersecurity, GRC, or Vendor Risk Management u2022 Experience working in a large enterprise environment. u2022 Hands-on experience with VRM platforms such as ProcessUnity or similar. u2022 Familiarity with vendor risk monitoring tools like BitSight or equivalent. Why Work for Acuity u2022 At Acuity, youu2019ll join a cybersecurity organization that is recognized for its strategic importance, investment in people, and commitment to innovation. Our cybersecurity program is not just about protecting assetsu2014itu2019s about enabling the business, building trust with our customers, and empowering our associates to thrive in a rapidly evolving digital landscape. u2022 Culture of Learning and Collaboration: We foster a culture that prioritizes continuous learning, knowledge sharing, and cross-functional teamwork as core values. Youu2019ll collaborate with experts in Legal, HR, Product Security, Engineering, and more, ensuring your work is always relevant and impactful. u2022 People-Focused Values: Acuity is a values-driven organization. We believe in integrity, curiosity, and creating an environment where the best people come to do their best work. Our leadership is committed to attracting, developing, and retaining top talent, and we celebrate the diverse perspectives and backgrounds of our team members. Join Acuity and help us build a safer, smarter, and more resilient futureu2014where your expertise and passion for cybersecurity will make a real difference. #LI-EK1 The range for this position is $55,300.00 to $99,500.00. Placement within this range may vary, depending on the applicantu2019s experience and geographic location. Acuity offers generous benefits including health care, dental coverage, vision plans, 401K benefits, and commissions/incentive compensation depending on the role. For a list of our benefits, click here . We value diversity and are an equal opportunity employer. All qualified applicants will be considered for employment without regards to race, color, age, gender, sexual orientation, gender identity and expression, ethnicity or national origin, disability, pregnancy, religion, covered veteran status, protected genetic information, or any other characteristic protected by law. Please click here ( and here (Eng_Es.pdf) for more information. Accommodation for Applicants with Disabilities: As an equal opportunity employer, Acuity Inc. is committed to providing reasonable accommodations in its application process for qualified individuals with disabilities and disabled veterans. If you have difficulty using our online system due to a disability and need an accommodation, you may contact us at (770) 922-9000, select option 4. Please clearly indicate what type of accommodation you are requesting and for what requisition. Any unsolicited resumes sent to Acuity Inc. from a third party, such as an Agency recruiter, including unsolicited resumes sent to an Acuity Inc. mailing address, fax machine or email address, directly to Acuity Inc. employees, or to Acuity Inc. resume database will be considered Acuity Inc. property. Acuity Inc. will NOT pay a fee for any placement resulting from the receipt of an unsolicited resume. Acuity Inc. will consider any candidate for whom an Agency has submitted an unsolicited resume to have been referred by the Agency free of any charges or fees. This includes any Agency that is an approved/engaged vendor, but does not have the appropriate approvals to be engaged on a search. E-Verify Participation Poster ( e-verify.gov eeoc.gov (

Created: 2025-12-22