What you can expect

‍

The Third-Party Risk Management (TPRM) Analyst supports Zoom’s Security Governance, Risk and Compliance (GRC) team by assessing, monitoring, and managing risks related to third-party vendors. You assess new vendors’ security controls, data protection, and compliance with Zoom’s standards. You identify control gaps, track remediation, and monitor vendor risk through periodic reviews, continuous monitoring, and incident coordination. The role helps maintain policies, procedures, and the TPRM framework, while collaborating with procurement, legal, privacy, and business teams to embed security requirements. You also prepare reports on third-party risk trends, metrics, and key findings for management and stakeholders.

‍

‍

‍

About the Team

‍

Security GRC is a people-first, high-impact team that sits at the intersection of security, product, legal, and leadership. Through our standards, controls, certifications, customer assurance, and risk and vendor management programs, we enable Zoom to move faster and smarter—helping to unlock revenue with risk-based security initiatives, creative problem-solving, and strategic partnerships. Join us to help shape GRC innovation in a global tech company while working alongside thoughtful, collaborative, and deeply talented teammates!

‍

‍

‍

What we’re looking for

‍

• Have 2+ years of experience in information security, risk management, or third-party/vendor risk management.
• Demonstrate understanding of cybersecurity, vendor risk assessment methodologies, security questionnaires, and evidence review processes.
• Show familiarity with security, cloud, and compliance frameworks (e.g., ISO 27001/27002, NIST (CSF, 800-53, 800-171), SOC 1/2, CIS Controls, PCI DSS, HITRUST, FedRAMP, CSA CCM, ISO 27017/27018).
• Demonstrate knowledge of data protection regulations (e.g., GDPR, CCPA/CPRA, HIPAA/HITECH, GLBA).
• Have experience with risk management tools or platforms (e.g., ServiceNow, RSA Archer, OneTrust, MetricStream, LogicGate, or similar platforms) and show familiarity with continuous monitoring tools and risk intelligence services (e.g., SecurityScorecard, BitSight, RiskRecon).
• Be able to analyze complex vendor environments and communicate risk findings clearly to technical and non-technical audiences.
• Show effective organizational and project management skills with attention to detail. Excellent written and verbal communication skills.
• Possess professional certifications such as CISSP, CISA, CRISC, CTPRP, or CTPRA (a bonus).

‍

‍

Ways of Working

‍
Our structured hybrid approach is centered around our offices and remote work environments. The work style of each role, Hybrid, Remote, or In-Person is indicated in the job description/posting.

‍