Zoom Cybersecurity Attorney

US-REMOTE

Reporting to Zoom’s Head of Cybersecurity Law, the Cybersecurity Attorney will be responsible for providing legal and program support to Zoom’s information security and insider risk programs. This person will embed with teams addressing risk, governance, and incidents, will support and oversee investigations, and will provide first line review for a wide range of security and insider risk matters. The Cybersecurity Attorney will partner closely with other cross-functional teams such as compliance, privacy, product, and engineering to understand data security, confidentiality, usage, and provide both strategic and practical guidance on developments impacting information and systems security.

Responsibilities:

• Work on high priority, high stakes projects that have broad and visible impact.

• Provide legal advice to security and product engineers on compliance with applicable data security related regulations, security by design, and security frameworks and industry certifications.

• Develop and implement legal-security processes, assist in the maintenance and annual review of security programs and processes, including updates to security policies, plans, procedures, and standards.

• Work with product vulnerability management and offensive security teams on vulnerability processes, standards, responses, notifications, enhancement of product security policies, standards and procedures, including creation of security advisories and updates.

• Investigate and analyze potential data security incidents, support assessment of legal and regulatory responsibilities, advise on necessary and recommended responses, and provide guidance on mitigation, remediation, and resolution efforts.

• Assist in responses to global regulatory investigations concerning product and data security.

• Regularly meet with internal teams (e.g., product) to understand strategies, roadmap, and initiatives, and advise on new features, activities, etc. to ensure security compliance.

• Provide early advice on risk and innovations to speed development.

• Maintain an understanding of technical controls and assist in the creation of audit and monitoring frameworks to support stable, controlled operations.

• Support security impact assessments related to product and associated technologies and vendors.

• Work cross functionally with Compliance, Privacy, and other teams to support information security related compliance.

• Take lead or partner with cross functional teams to ensure: (i) necessary security terms in customer contracts and (ii) review of vendor contracts for appropriate terms and information security requirements

• Respond timely to inquiries from colleagues with sound, succinct, and actionable advice.

Requirements:

• 8+ years of direct experience as information security/cybersecurity counsel; preferably with in-house and law firm experience in the tech space.

• Qualified to practice law in California or state of residence.

• Expertise in global security, privacy and regulatory frameworks, including NIST, ISO, U.S. and international data security related laws, FISMA, FedRAMP, PCI-DSS, GDPR, CCPA, HIPAA, GLBA, etc. 

• Strong communication skills, including the ability to communicate effectively across cross-functional teams and build consensus among stakeholders.

• Passion to work in collaborative team environment with an attitude to deliver happiness

• Extremely organized with the ability to manage multiple projects simultaneously, adjust to rapidly changing priorities, and drive strategic projects to successful delivery.

• Sense of humor, excellent interpersonal skills, business judgment, strategic thinking, superior work ethic, flexibility and ability to work independently.

• Experience supporting security and/or product teams across multiple areas of subject matter expertise is a plus.

• Active security clearance is a plus.

• Ability to quickly issue spot and appropriately prioritize risk and outcomes a must.

• Growth mindset: every new challenge is an opportunity to learn and grow.

Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom’s values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.

We believe that the unique contributions of all Zoomies is the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.

All your information will be kept confidential according to EEO guidelines.

Zoom requires all U.S. employees who will work in person at a Zoom office, attend in-person Zoom meetings or have in-person customer meetings to be fully vaccinated. Zoom will consider requests for reasonable accommodations for religious or medical reasons as required under applicable law.

Explore Zoom:

• Hear from our leadership team

• Browse Awards and Employee Reviews on Comparably

• Visit our Blog

• Zoom with us!

• Find us on social at the links below and on Instagram