Zoom is an award-winning workplace. We have been recognized by Comparably as #1 CEO, Company Happiness, Benefits, Compensation, Diversity, and more! Not to mention we've been awarded by Glassdoor as the 2nd Best US workplace & Best Large Company US CEO in 2018, Wealthfront, and Business Insider. Our culture focuses on delivering happiness, our commitment to transparency, and the tangible benefits we provide our employees and our customers.
The Cyber Risk and Incident Response Manager is responsible for managing Zoom's Incident Response and Risk Register within Zoom's Governance, Risk and Compliance (GRC) technology platform(s). This individual will be a subject matter expert in incident response (IR) and risk registry, with a focus on creating and maintaining the incident response playbooks that would be invoked from Zoom's GRC platform.
The role uses the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as a guiding principle to assure that Zoom has the appropriate systems and playbooks in place to establish:
The creation of an incident response policy and plan
The development of procedures for performing incident handling and reporting
Setting guidelines for communicating with outside parties regarding incidents
Determining the Zoom teams that would be involved with continuous IR planning, monitoring and resolutions
Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., security operations center, legal department)
Assist with determining what services the incident response team should provide
The Cyber Risk and Incident Response Manager will be responsible for creating Zoom's IR playbooks that would be used and implemented within Zoom to include:
Investigation and diagnosis
Resolution and recovery
The Cyber Risk and Incident Response Manager will be responsible for the creation, maintenance and ongoing monitoring of Zoom's Risk Register within the GRC environment.
Provide a centralized process to identify, assess, respond to, and continuously monitor Zoom's enterprise and platform risks that may negatively impact business operations.
Develop structured workflows for the management of risk assessments, risk indicators, and risk issues.
Use the Zoom GRC platform to create graphical interfaces that report on profile and risk dependencies.
Create profile types to group common profiles with similar risks together for easier assessment.
Create risk statements to define a set of potential risks that could occur across the organization.
Assign risk statements to profile types to generate risks from statements, or generate risks manually.
Assist with determining the appropriate risk response (for example, Accept, Avoid, Mitigate, or Transfer), and document the justification for the response.
Assign and complete Remediation Tasks to ensure that risk mitigation efforts are implemented.
Utilize the Governance, Risk, and Compliance (GRC) application to track risk mitigation efforts by relating a risk to controls or policies which mitigate the risk.
Required and Preferred Skills and Experience:
Education: Master's degree preferred
10+ years of experience with both government and large service providers in cyber and incident/legal response matters
Experience handling cyber security relationships between the public and private sector.
Previous government-related experience in Incident Response playbook creation
Experience managing a cyber security and defense team for a government cyber security program.
Direct experience in implementing NIST-based incident response programs
Experience working with and coordinating with enterprise legal teams
Exceptional verbal and written communication skills, with mastery of the ability to tailor the context of the conversation to the audience
Experience with socializing incident response awareness campaigns
Ability to think outside the box and develop solutions to accomplish seemingly impossible tasks, while remaining risk and objective focused