GRC Analyst

What you can expect

Zoom is seeking a talented GRC Tech Analyst to join our Security GRC team. As a GRC Tech Analyst, you will strengthen Zoom's security posture by maturing our Common Controls Framework and expanding our certification landscape. You'll collaborate across security, engineering, and risk teams to automate compliance monitoring and implement controls. Your work will directly protect customers and enable Zoom to move faster with confidence.

About the Team

Security GRC is a people-first, high-impact team that sits at the intersection of security, product, legal, and leadership. Through our standards, controls, certifications, customer assurance, and risk and vendor management programs, we enable Zoom to move faster and smarter. We help unlock revenue through risk-based security initiatives, creative problem-solving, and strategic partnerships. Join us to help shape GRC innovation in a global tech company while working alongside thoughtful, collaborative, and deeply talented teammates!

Responsibilities

• Playing a central role in the maturation and documentation of Zoom's Common Controls Framework.

• Evaluating, documenting, and communicating security issues and risks related to control design and gaps.

• Co-administering the GRC platform and its modules across multiple teams.

• Assessing the effectiveness of management, operational, and technical security controls.

• Developing and managing a security exceptions process.

• Collaborating with cross-functional teams to gather and document security requirements.

• Identifying automation opportunities for evidence collection and control compliance verification.

• Supporting external auditors during regulatory and compliance assessments. Consulting with key stakeholders on information security policies, standards, and procedures.

What we’re looking for

• Have 2+ years of experience in cybersecurity governance, risk management, compliance, or assessments/audits.

• Demonstrate understanding of cybersecurity, GRC lifecycle, security assessment methodologies, security questionnaires, and evidence review processes.

• Show familiarity with security, cloud, and compliance frameworks (e.g., ISO 27001/27002, NIST (CSF, 800-53, 800-171), SOC 1/2). This also includes frameworks such as CIS Controls, PCI DSS, HITRUST, FedRAMP, CSA CCM, and ISO 27017/27018.

• Be able to analyze complex environments against cybersecurity control requirements and communicate conformance clearly to technical and non-technical audiences.

• Show effective organizational and project management skills with attention to detail. Excellent written and verbal communication skills.

• Demonstrate knowledge of data protection regulations (e.g., GDPR, CCPA/CPRA, HIPAA/HITECH, GLBA) and familiarity with cloud-based IaaS architectures, preferably in AWS and OCI (a bonus).

• Have experience with SaaS-based GRC tools or platforms (e.g., HyperProof, ServiceNow, or similar platforms). Also have experience with security monitoring offered natively in platforms and applications, such as AWS, SIEM and PAM tools, and vulnerability scanning solutions. (a bonus).

• Possess professional certifications such as CISA, CISM, CISSP, ISO 27001 Auditor (a bonus).

Salary Range or On Target Earnings:

Minimum:

Maximum:

In addition to the base salary and/or OTE listed Zoom has a Total Direct Compensation philosophy that takes into consideration; base salary, bonus and equity value.

Note: Starting pay will be based on a number of factors and commensurate with qualifications & experience.

We also have a location based compensation structure;  there may be a different range for candidates in this and other locations

At Zoom, we offer a window of at least 5 days for you to apply because we believe in giving you every opportunity. Below is the potential closing date, just in case you want to mark it on your calendar. We look forward to receiving your application!

Ways of Working
Our structured hybrid approach is centered around our offices and remote work environments. The work style of each role, Hybrid, Remote, or In-Person is indicated in the job description/posting.

Benefits
As part of our award-winning workplace culture and commitment to delivering happiness, our benefits program offers a variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health; support work-life balance; and contribute to their community in meaningful ways. Click Learn for more information.

About Us
Zoomies help people stay connected so they can get more done together. We set out to build the best collaboration platform for the enterprise, and today help people communicate better with products like Zoom Contact Center, Zoom Phone, Zoom Events, Zoom Apps, Zoom Rooms, and Zoom Webinars.
We’re problem-solvers, working at a fast pace to design solutions with our customers and users in mind. Find room to grow with opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment.

Our Commitment​

At Zoom, we believe great work happens when people feel supported and empowered. We’re committed to fair hiring practices that ensure every candidate is evaluated based on skills, experience, and potential. If you require an accommodation during the hiring process, let us know—we’re here to support you at every step.

If you need assistance navigating the interview process due to a medical disability, please submit an Accommodations Request Form and someone from our team will reach out soon. This form is solely for applicants who require an accommodation due to a qualifying medical disability. Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed.