Zoomies help the world connect — and deliver happiness while doing it. We set out to build the best video conferencing product for the enterprise, and today help people communicate better with products like Zoom Phone, Zoom Rooms, Zoom Video Webinars, Zoom Apps, and OnZoom.

We’re problem-solvers and self-starters, working at a fast pace to design solutions with our customers and users in mind. Here, you’ll work across teams to dig deep into impactful projects that are changing the way people communicate, and enjoy opportunities to advance your career in a diverse, inclusive environment. 

The Senior Security Risk Analyst works with the Head of Cyber Risk Management to provide operational support for the coordination and execution of the enterprise security risk management program. This
position will assist in the conduct of risk assessments and management of the security risk register.

We are looking for a remote Senior Security Risk Analyst who will play a key role as part of the Cyber Risk Management team. The successful candidate will have a strong background in the following areas:

● Development and performance of cyber risk assessments for enterprise and commercial applications, products and services;
● Risk identification through the performance of risk assessments and other measures
● Preparation of risk assessment findings and reports on remediation plan progress.

Responsibilities include:
● Administration of the cyber risk management program in accordance with the NIST cyber risk management framework and other security standards and related industry best practices.
● Performance of enterprise cyber risk assessments to identify inherent and residual risks.
● Analyze and document findings, recommend and report program gaps to leadership.
● Administration of the security risk register and related remediation activities.
● Administration of the risk management information system.
● Collaboration with technology and business stakeholders to develop and document risk treatment plans in line with the enterprise risk appetite.
● Report key metrics including status of assessments, issue management, and risk management
● Develop and maintain documentation on processes, procedures in accordance with standards, regulations and industry best practices.
● Maintain an understanding of emerging trends in information security threats and risks.
● Prepare and present risk assessment findings, guide remediation plans and report on progress

Minimum Qualifications:
● Bachelor's or Master’s degree in Business, Information Technology, Computer Science or
equivalent combination of education, certification (CISSP, CISM, CISA, CRISC, etc.) and
experience
● Must possess 5+ years’ experience in compliance, information security and/or information
technology with at least 3 years’ experience in risk management
● Deep understanding of cybersecurity risk management maturity practices and frameworks
● Proficiency in the application of NIST Cyber Security Framework (CFS), ISO 27001 and/or other
similar industry standard frameworks & privacy related regulations
● Understanding of a broad range of security technical concepts
● Excellent project management and organizational skills
● Excellent communication, interpersonal skills and sound business judgment

Preferred Qualifications:

● Experience performing assessments of IT related processes such as system and information
security, system development and change management, computer operations and data protection.
● Experience working with internal and external cyber security audits, vulnerability and risk
assessments
● Experience in escorting issues through risk analysis / treatment / mitigation processes