NVIDIA is looking for a Cybersecurity Engineer - Third Party Risk Management to support our Security team in managing external party risk. You will build autonomous agents and automations for the full TPRM lifecycle using AI and modern engineering practices within NVIDIA's creative, hard-working, and forward-thinking environment.
What You'll Do
- Build autonomous agents that handle the full Third-Party Risk Management (TPRM) lifecycle.
- Employ Generative AI Technology like embeddings, RAG, or LLM agents for summarizing vendor responses.
- Build event-driven integrations (webhooks, serverless functions) to react to vendor risk score changes or asset discovery events.
- Use Natural Language Processing (NLP) for extracting structured data from vendor documents.
- Maintain pipelines for ingesting and correlating vendor risk data, findings, and compliance metrics.
- Design modular, API-based pipelines connecting TPRM tooling (LogicGate/OneTrust) with Databricks, Jira, and data warehouses.
- Apply deep understanding of the TPRM Lifecycle (onboarding, risk tiering, assessment, remediation).
- Ensure security relevance based on frameworks such as NIST CSF 2.0, ISO 27001, SOC 2, and CMMC mappings.
- Integrate knowledge of Risk Scoring Models (e.g., BitSight scores) into inherent and residual risk calculations.
What We're Looking For
- API Engineering: Experience integrating data from security and GRC systems such as BitSight, LogicGate, ServiceNow, or Jira.
- Workflow Automation Tools: Understanding of orchestration and automation systems such as Tines, n8n, Cortex XSOAR for prototypes.
- Data Modeling & Pipelines: Ability to design and maintain data models for vendor metadata, risk scores, and control test results.
- Proficient in using tools like Cursor, Claude, Gemini, or similar frameworks to develop agentic automations for data analysis and workflow execution.
- Observability & Metrics: Ability to implement logging, monitoring, and metrics dashboards (e.g., PowerBI) for TPRM automation health.
- 8+ years of proven experience in cybersecurity with a focus on automation, security engineering, or architecture.
- Communication & System Thinking: Strong cross-functional communication. System thinking to translate policy/compliance goals into technical automation design.
- Leadership: Innovation mindset: Ability to propose and prototype emerging AI approaches responsibly; Excellent Documentation & Knowledge-sharing skills of automation architecture, runbooks, and control mappings.
- Minimum bachelor’s degree or equivalent experience in a technology or relevant scientific field required.
Nice to Have
- Certifications in one or more of the following areas: CIPP, CISSP, CISA, CISM, CRISC.
- Proficiency in using third-party risk management platforms such as OneTrust, RSA Archer, or similar tools.
- Hands-on experience with developing and maintaining metrics dashboards for Cybersecurity programs.
- Demonstrated ability to manage and mitigate risks associated with a large and diverse portfolio of third-party vendors.
Technical Stack
- Generative AI, embeddings, RAG, LLM agents, NLP, ETL, APIs
- Databricks, Jira, LogicGate, OneTrust, BitSight, ServiceNow
- Tines, n8n, Cortex XSOAR, Cursor, Claude, Gemini, PowerBI
Benefits & Compensation
- Compensation: 168,000 USD - 258,750 USD for Level 4, and 192,000 USD - 304,750 USD for Level 5 + equity: Eligible
- Equity
- Benefits
NVIDIA is committed to fostering a diverse work environment and proud to be an equal opportunity employer. As we highly value diversity in our current and future employees, we do not discriminate (including in our hiring and promotion practices) on the basis of race, religion, color, national origin, gender, gender expression, sexual orientation, age, marital status, veteran status, disability status or any other characteristic protected by law.
