Vendor Risk Management Specialist - Cybersecurity

Join to apply for the Vendor Risk Management Specialist - Cybersecurity role at Acuity
.

Acuity Inc. (NYSE: AYI) is a market‑leading industrial technology company that designs, manufactures, and markets products and services across lighting and intelligent spaces. The company operates in North America, Europe and Asia and is headquartered in Atlanta, Georgia.

Work location:

Anywhere in the United States. The position requires on‑site presence in Remote US‑Non Cali, following a hybrid work model, and reporting to the office every business day. Travel may be required as part of the responsibilities.

The Vendor Risk Manager Specialist will assist the Cyber GRC VRM team in processing existing and new technology vendors, ensuring third‑party technology partners meet Acuity’s security and compliance standards. The role collaborates across departments, conducts Vendor Security Reviews (VSRs), and helps shape IT Vendor/3rd Party risk management policies and procedures.

• Assist in advancing Acuity’s IT Vendor Risk Management program.
• Conduct Vendor Security Reviews (VSRs) for all existing and newly onboarded third‑party technology vendors.
• Prepare and present risk assessments, findings, and recommendations to business stakeholders.
• Maintain a centralized repository of third‑party vendors & technologies to monitor risk and compliance.
• Act as a liaison between the Security team and departments such as Legal, Sourcing, HR, and IT.
• Contribute to the development and continuous improvement of VRM‑related policies and procedures.

• Assist Acuity Privacy with the management of employee and customer data.
• Assist in the management of Data Subject Access Requests (DSAR).
• Assist in the mapping and management of Acuity’s PI/PII relevant data stores.

• Bachelor’s degree in Information Technology, Cybersecurity, Governance, Risk & Compliance (GRC), or equivalent experience.
• Solid understanding of cybersecurity frameworks and standards (e.g., ISO 27001, NIST, SOC 2, SOX).
• Familiarity with global privacy regulations (GDPR, CCPA/CPRA).
• Strong written and verbal communication skills.
• Proficiency in Microsoft Office tools.
• Excellent time management, problem‑solving, and ability to follow structured processes.

• Professional certifications in Cybersecurity, GRC, or Vendor Risk Management.
• Experience working in a large enterprise environment.
• Hands‑on experience with VRM platforms such as Process Unity or similar.
• Familiarity with vendor risk monitoring tools like Bit Sight or equivalent.

At Acuity, you’ll join a cybersecurity organization recognized for its strategic importance, investment in people, and commitment to innovation. The program enables business, builds trust, and empowers associates to thrive in a rapidly evolving digital landscape. Acuity values learning, collaboration, and people‑focused values, celebrating diverse perspectives and backgrounds.

The base salary range for this position is $55,300.00 to $99,500.00, based on experience and geographic location. Acuity offers generous benefits including health care, dental coverage, vision plans, 401(k) benefits, and commissions/incentive compensation depending on the role.

We value diversity and are an equal opportunity employer. All qualified applicants will be considered for employment without regard to race, color, age, gender, sexual orientation, gender identity, ethnicity, disability, pregnancy, religion, covered veteran status, protected genetic information, or any other legally protected characteristic.

Accommodations for applicants with disabilities:
Acuity Inc. is committed to providing reasonable accommodations in its application process for qualified individuals with disabilities and disabled veterans. Applicants can contact (770) 922‑9000, option 4, to request accommodations for this requisition.

E‑Verify Participation Poster: e-verify.gov. EEOC: eeoc.gov.