Zoominfo Waltham, MA 02154
Posted 3 weeks ago
As a key member of our Security Governance, Risk, and Compliance (GRC) team, the Senior Security Analyst will play a pivotal role in safeguarding our company's data and infrastructure by managing 3 main domains: VRM, security certifications and attestations, and Customer RFP processes.
Collaborating closely with IT, procurement, risk management, and sales teams, this role significantly impacts our business by enhancing security measures, managing vendor and partner relationships, and streamlining security and compliance processes. The role is data-security-centric and requires detail-oriented technical acumen. The Senior Security Analyst is central to our ongoing efforts to protect sensitive data and ensure a secure operational environment, thereby supporting customer trust.
What you will do:
Third-Party Reviews: Conduct comprehensive security assessments and audits of vendors and partners to ensure they meet our strict security standards.
VRM Program Improvements: Collaborate with the Help Desk, Legal, and Procurement teams to automate the Vendor Risk Management (VRM) processes, enhancing efficiency and risk management, ensuring compliance and safeguarding against potential security threats.
SOC2 Audits and Gap Assessments: Lead SOC2 Type1 and Type2 audit preparations and conduct gap assessments to maintain compliance and security standards.
Audit Assurance: Manage and conduct SOC, ISO, and other security audits as needed, utilizing industry standard GRC and VRM tooling to ensure ongoing compliance with security best practices.
Ad-Hoc Security Projects: Address ad hoc requests from within the Security GRC team on risks, compliance, and security control implementation.
What you will bring:
Proven experience in cybersecurity analysis, risk management, and compliance (SOC 2, CMMC, ISO, NIST, CSA Level II) within a tech or data-centric organization.
Expertise with SOC2 audits, VRM programs, and IT security best practices.
Demonstrated ability to work cross-functionally with IT, Procurement, Sales, and other departments to drive security initiatives, and to lead complex interactions with Senior Management.