We are hiring a Principal Security Risk Management to join our Governance, Risk, and Compliance (GRC) team. This role requires a strong technical background in information security to identify, assess, and mitigate risks across the ZoomInfo ecosystem. The Security Risk Management Lead will oversee the management of the Third-Party Risk Management (TPRM) program, ensure compliance with security standards, manage security policies, and address risks associated with AI technologies, cloud infrastructures, and third-party integrations.

Key Responsibilities:

• Risk Management:
• Conduct comprehensive risk assessments, including threat modeling, vulnerability analysis, and impact assessments, to identify security risks across the organization’s systems and processes.
• Develop and maintain a risk register to document identified risks, their impact, likelihood, and mitigation strategies.
• Work with stakeholders to prioritize risks based on business impact and provide actionable recommendations to reduce exposure.
• Establish metrics and key performance indicators (KPIs) to measure the effectiveness of risk management strategies and ensure continuous improvement.
• Conduct periodic risk reassessments to account for changes in the technology landscape, emerging threats, and business objectives.
• Collaborate with IT, DevOps, and engineering teams to ensure security is integrated into system design, development, and deployment.
• Provide detailed reports and presentations to executive leadership, summarizing risk findings, mitigation efforts, and overall security posture.
  
  
• Third-Party Risk Management (TPRM):
• Conduct third-party security assessments, including due diligence reviews and ongoing risk monitoring.
• Collaborate with procurement, legal, and business teams to ensure third-party contracts include appropriate security and compliance requirements.
• Maintain an inventory of third-party vendors and their associated risk profiles.
• Track and manage remediation efforts for identified third-party risks.
• Stay informed about emerging risks and regulatory changes that may impact third-party relationships.
  
  
• Compliance Management:
• Ensure adherence to security frameworks and standards, including SOC 2, ISO 27001, ISO 27701, and ISO 27017.
• Provide technical guidance during security audits and assessments conducted by internal and external parties.
  
  
• Policy Development:
• Develop, maintain, and enforce security policies and procedures aligned with industry best practices and organizational objectives.
• Collaborate with cross-functional teams to integrate security requirements into technology processes and solutions.
  
  

Qualifications:

• Bachelor’s degree in Information Security, Computer Science, or a related field, or equivalent experience.
• 7+ years of experience in information security, with a focus on risk management and technical control implementation.
• Strong knowledge of security frameworks and standards (SOC 2, ISO 27001, ISO 27701, ISO 27017).
• Proven experience managing a comprehensive Third-Party Risk Management (TPRM) program.
• Familiarity with risk assessment methodologies and tools in technical environments.
• Proficiency in managing security risks related to cloud infrastructures, AI technologies, and third-party integrations.
• Demonstrated ability to develop and implement security policies and procedures.
• Strong analytical and problem-solving skills with attention to detail.
• Excellent communication skills to convey technical security concepts to technical and non-technical stakeholders.
• Relevant certifications such as CISSP, CISM, CRISC, or equivalent are a plus.

Preferred Skills:

• Experience with security in multi-cloud environments.
• Familiarity with security considerations for AI and machine learning technologies.
• Hands-on experience with compliance monitoring and automation tools.