At ZoomInfo, we encourage creativity, value innovation, demand teamwork, expect accountability and cherish results. We value your take charge, take initiative, get stuff done attitude and will help you unlock your growth potential. One great choice can change everything. Thrive with us at ZoomInfo.

We are hiring a Security Risk Analyst to lead the identification, assessment, and mitigation of security risks within the ZoomInfo ecosystem, with a specific focus on Third-Party Risk Management (TPRM). This role will be responsible for executing risk management processes, supporting compliance initiatives, and driving the TPRM program to ensure vendor security is effectively managed. The Security Risk Analyst will collaborate closely with cross-functional teams to address security risks, uphold compliance standards, and contribute to the creation and enhancement of security policies and processes.

What You'll do:

Third-Party Risk Management (TPRM): Implement the organization's TPRM strategy in alignment with business objectives and risk appetite. Develop, maintain, and update TPRM policies, procedures, and frameworks. Apply a structured risk assessment methodology to evaluate third-party risks. Conduct initial due diligence and onboarding assessments for new vendors. Manage and optimize TPRM tools to track and ensure third-party evaluations and compliance. Maintain an accurate inventory of third-party vendors, ensuring up-to-date risk profiles. Coordinate with vendors to address identified risks and oversee remediation plans. Compliance Support: Assist in ensuring adherence to security frameworks and standards, including SOC 2, ISO 27001, ISO 27701, and ISO 27017. Support audit preparation and provide required documentation for internal and external audits. Monitor compliance with security policies and escalate any deviations to the Security Risk Management Lead. Risk Assessment and Analysis: Assist in conducting risk assessments, including data collection, analysis, and reporting, to identify security vulnerabilities and threats. Maintain and update the organization’s risk register with detailed findings, remediation plans, and status updates. Support the Security Risk Management Lead in prioritizing risks and developing mitigation strategies. Conduct periodic reviews of existing controls to ensure effectiveness and alignment with business objectives. Policy and Documentation Support: Contribute to the development and maintenance of security policies, standards, and procedures. Create and update risk-related documentation, including assessment reports, risk treatment plans, and executive summaries. Assist in training and awareness efforts to promote a strong security culture within the organization.

What you bring:

Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent experience. 4+ years of experience in information security, risk management, or a related field. Strong understanding of third-party risk management processes and tools. Familiarity with security frameworks and standards (SOC 2, ISO 27001, ISO 27701, ISO 27017). Experience conducting risk assessments and working with risk management tools. Strong organizational and analytical skills with attention to detail. Ability to work collaboratively and communicate effectively with technical and non-technical stakeholders.

Preferred Skills:

Experience in multi-cloud environments or with cloud security controls. Knowledge of AI-related security risks. Relevant certifications such as Security+, CRISC, or equivalent are a plus.

 

#LI-Hybrid

About us: 

ZoomInfo (NASDAQ: ZI) is the trusted go-to-market platform for businesses to find, acquire, and grow their customers. It delivers accurate, real-time data, insights, and technology to more than 35,000 companies worldwide. Businesses use ZoomInfo to increase efficiency, consolidate technology stacks, and align their sales and marketing teams — all in one platform. 

ZoomInfo may use a software-based assessment as part of the recruitment process. More information about this tool, including the results of the most recent bias audit, is available here.

ZoomInfo is proud to be an Equal Opportunity Employer.  We are committed to equal employment opportunities for applicants and employees regardless of sex, race, age, color, national origin, sexual orientation, gender identity, marital status, disability status, religion, protected military or veteran status, medical condition, or any other characteristic or status protected by applicable law. At ZoomInfo, we also consider qualified candidates with criminal histories, consistent with legal requirements.