Description

At ZoomInfo, we encourage creativity, value innovation, demand teamwork, expect accountability and cherish results. We value your take-charge, take-initiative, get-stuff-done attitude and will help you unlock your growth potential. One great choice can change everything. Thrive with us at ZoomInfo.

As a key member of our Security Governance, Risk, and Compliance (GRC) team, the Senior Security Analyst will play a pivotal role in safeguarding our company's data and infrastructure by managing three main domains: Vendor Risk Management (VRM), security certifications and attestations, and customer RFP processes.

Collaborating closely with IT, procurement, risk management, and sales teams, this role significantly impacts our business by enhancing security measures, managing vendor and partner relationships, and streamlining security and compliance processes. The role is centered on data security and requires detail-oriented technical acumen. The Senior Security Analyst is central to our ongoing efforts to protect sensitive data and ensure a secure operational environment, thereby supporting customer trust.

What You Will Do
Third-Party Reviews: Conduct comprehensive security assessments and audits of vendors and partners to ensure they meet our strict security standards

VRM Program Improvements: Collaborate with the Help Desk, Legal, and Procurement teams to automate the Vendor Risk Management (VRM) processes, improving efficiency and risk management, ensuring compliance, and safeguarding against potential security threats

SOC 2 Audits and Gap Assessments: Lead SOC 2 Type 1 and Type 2 audit preparations and conduct gap assessments to maintain compliance and security standards

Audit Assurance: Manage and conduct SOC, ISO, and other security audits as needed, using industry-standard GRC and VRM tooling to ensure ongoing compliance with security best practices

Ad-Hoc Security Projects: Address ad-hoc requests from within the Security GRC team on risks, compliance, and security control implementation

What You Will Bring

Proven experience in cybersecurity analysis, risk management, and compliance (SOC 2, CMMC, ISO, NIST, CSA Level II) within a tech or data-centric organization

Expertise with SOC 2 audits, VRM programs, and IT security best practices

Demonstrated ability to work cross-functionally with IT, Procurement, Sales, and other departments to drive security initiatives, with the ability to lead complex interactions with senior management

 

Education

ANY GRADUATE