Senior Security Risk Management Specialist

Tel Aviv District, Israel

ZoomInfo

It’s our business to grow yours! Own your market with leading B2B contact data combined with sales intelligence, engagement software, and workflow tools.

At ZoomInfo, we encourage creativity, value innovation, demand teamwork, expect accountability and cherish results. We value your take-charge, take-initiative, get-stuff-done attitude and will help you unlock your growth potential. One great choice can change everything. Thrive with us at ZoomInfo.

We are hiring a Senior Security Risk Management Specialist to join our Governance, Risk, and Compliance (GRC) team. This role requires a strong technical background in information security to identify, assess, and mitigate risks across the ZoomInfo ecosystem. The Security Risk Management Lead will oversee the management of the Third-Party Risk Management (TPRM) program, ensure compliance with security standards, manage security policies, and address risks associated with AI technologies, cloud infrastructures, and third-party integrations.

Key Responsibilities:

  • Risk Management:
    • Conduct comprehensive risk assessments, including threat modeling, vulnerability analysis, and impact assessments, to identify security risks across the organization’s systems and processes.
    • Develop and maintain a risk register to document identified risks, their impact, likelihood, and mitigation strategies.
    • Work with stakeholders to prioritize risks based on business impact and provide actionable recommendations to reduce exposure.
    • Establish metrics and key performance indicators (KPIs) to measure the effectiveness of risk management strategies and ensure continuous improvement.
    • Conduct periodic risk reassessments to account for changes in the technology landscape, emerging threats, and business objectives.
    • Collaborate with IT, DevOps, and engineering teams to ensure security is integrated into system design, development, and deployment.
    • Provide detailed reports and presentations to executive leadership, summarizing risk findings, mitigation efforts, and overall security posture.

  • Third-Party Risk Management (TPRM):
    • Conduct third-party security assessments, including due diligence reviews and ongoing risk monitoring.
    • Collaborate with procurement, legal, and business teams to ensure third-party contracts include appropriate security and compliance requirements.
    • Maintain an inventory of third-party vendors and their associated risk profiles.
    • Track and manage remediation efforts for identified third-party risks.
    • Stay informed about emerging risks and regulatory changes that may impact third-party relationships.

  • Compliance Management:
    • Ensure adherence to security frameworks and standards, including SOC 2, ISO 27001, ISO 27701, and ISO 27017.
    • Provide technical guidance during security audits and assessments conducted by internal and external parties.

  • Policy Development:
    • Develop, maintain, and enforce security policies and procedures aligned with industry best practices and organizational objectives.
    • Collaborate with cross-functional teams to integrate security requirements into technology processes and solutions.

Qualifications:

  • Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent experience.
  • 7+ years of experience in information security, with a focus on risk management and technical control implementation.
  • Strong knowledge of security frameworks and standards (SOC 2, ISO 27001, ISO 27701, ISO 27017).
  • Proven experience managing a comprehensive Third-Party Risk Management (TPRM) program.
  • Familiarity with risk assessment methodologies and tools in technical environments.
  • Proficiency in managing security risks related to cloud infrastructures, AI technologies, and third-party integrations.
  • Demonstrated ability to develop and implement security policies and procedures.
  • Strong analytical and problem-solving skills with attention to detail.
  • Excellent communication skills to convey technical security concepts to technical and non-technical stakeholders.
  • Relevant certifications such as CISSP, CISM, CRISC, or equivalent are a plus.

Preferred Skills:

  • Experience with security in multi-cloud environments.
  • Familiarity with security considerations for AI and machine learning technologies.
  • Hands-on experience with compliance monitoring and automation tools.




About us: 

ZoomInfo (NASDAQ: ZI) is the trusted go-to-market platform for businesses to find, acquire, and grow their customers. It delivers accurate, real-time data, insights, and technology to more than 35,000 companies worldwide. Businesses use ZoomInfo to increase efficiency, consolidate technology stacks, and align their sales and marketing teams — all in one platform. 

ZoomInfo may use a software-based assessment as part of the recruitment process. More information about this tool, including the results of the most recent bias audit, is available here.

ZoomInfo is proud to be an Equal Opportunity Employer. We are committed to equal employment opportunities for applicants and employees regardless of sex, race, age, color, national origin, sexual orientation, gender identity, marital status, disability status, religion, protected military or veteran status, medical condition, or any other characteristic or status protected by applicable law. At ZoomInfo, we also consider qualified candidates with criminal histories, consistent with legal requirements.

Category: Compliance Jobs

Tags: Audits Automation CISM CISSP Cloud Compliance Computer Science CRISC DevOps Governance ISO 27001 KPIs Machine Learning Monitoring Risk assessment Risk management Security assessment SOC SOC 2

Perks/benefits: Career development

Region: Middle East
Country: Israel
