Vendor Risk Management Specialist - Cybersecurity

Acuity Inc. (NYSE: AYI) is a market‑leading industrial technology company. We use technology to solve problems in spaces, light and more things to come. Through our two business segments, Acuity Brands Lighting (ABL) and Acuity Intelligent Spaces (AIS), we design, manufacture, and bring to market products and services that make a valuable difference in people’s lives.

We achieve growth through the development of innovative new products and services, including lighting, lighting controls, building management solutions, and an audio, video and control platform. We focus on customer outcomes and drive growth and productivity to increase market share and deliver superior returns. We look to aggressively deploy capital to grow the business and to enter attractive new verticals.

Acuity Inc. is based in Atlanta, Georgia, with operations across North America, Europe and Asia. The Company is powered by approximately 13,000 dedicated and talented associates. Visit us at

Work location:

• This position may be based anywhere in the United States and includes travel as part of the responsibilities.
• This position requires on‑site presence in Remote US‑Non Cali, following a hybrid work model.

The Vendor Risk Manager Specialist will assist the Cyber GRC VRM team in processing existing and new technology. This role is critical to ensuring third‑party technology partners meet Acuity’s security and compliance standards. You will collaborate across departments, conduct Vendor Security Reviews (VSRs), and help shape our IT Vendor/3rd Party risk management policies & procedures.

• Assist in advancing Acuity’s IT Vendor Risk Management program.
• Conduct Vendor Security Reviews (VSRs) for all existing and newly onboarded third‑party technology vendors.
• Prepare and present risk assessments, findings, and recommendations to business stakeholders.
• Maintain a centralized repository of third‑party vendors & technologies to monitor risk and compliance.
• Act as a liaison between the Security team and departments such as Legal, Sourcing, HR, and IT.
• Contribute to the development and continuous improvement of VRM‑related policies and procedures.

• Assist the Acuity Privacy team with the management of Employee and Customer data.
• Assist in the management of Data Subject Access Requests (DSAR).
• Assist in the mapping and management of Acuity’s PI/PII relevant data stores.

• Bachelor’s degree in Information Technology, Cybersecurity, or Governance, Risk & Compliance (GRC); or equivalent experience.
• Solid understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST, SOC 2, SOX).
• Familiarity with global privacy regulations (e.g., GDPR, CCPA/CPRA).
• Strong written and verbal communication skills.
• Proficiency in Microsoft Office tools.
• Excellent time management, problem‑solving, and ability to follow structured processes.

• Professional certifications in Cybersecurity, GRC, or Vendor Risk Management.
• Experience working in a large enterprise environment.
• Hands‑on experience with VRM platforms such as Process Unity or similar.
• Familiarity with vendor risk monitoring tools like Bit Sight or equivalent.

• At Acuity, you’ll join a cybersecurity organization that is recognized for its strategic importance, investment in people, and commitment to innovation. Our cybersecurity program is not just about protecting assets—it’s about enabling the business, building trust with our customers, and empowering our associates to thrive in a rapidly evolving digital landscape.
• Culture of Learning and
  
  Collaboration:
  
  We foster a culture that prioritizes continuous learning, knowledge sharing, and cross‑functional teamwork as core values. You’ll collaborate with experts in Legal, HR, Product Security, Engineering, and more, ensuring your work is always relevant and impactful.
• People‑Focused Values:
  Acuity is a values‑driven organization. We believe in integrity, curiosity, and creating an environment where the best people come to do their best work. Our leadership is…