Security Risk Management TPRM Specialist

We are hiring a Security Risk Analyst to lead the identification, assessment, and mitigation of security risks within the ZoomInfo ecosystem, with a specific focus on Third-Party Risk Management (TPRM). This role will be responsible for executing risk management processes, supporting compliance initiatives, and driving the TPRM program to ensure vendor security is effectively managed. The Security Risk Analyst will collaborate closely with cross-functional teams to address security risks, uphold compliance standards, and contribute to the creation and enhancement of security policies and processes.

What Youll do:

• Third-Party Risk Management (TPRM):
• Implement the organizations TPRM strategy in alignment with business objectives and risk appetite.
• Develop, maintain, and update TPRM policies, procedures, and frameworks.
• Apply a structured risk assessment methodology to evaluate third-party risks.
• Conduct initial due diligence and onboarding assessments for new vendors.
• Manage and optimize TPRM tools to track and ensure third-party evaluations and compliance.
• Maintain an accurate inventory of third-party vendors, ensuring up-to-date risk profiles.
• Coordinate with vendors to address identified risks and oversee remediation plans.
• Compliance Support:
• Assist in ensuring adherence to security frameworks and standards, including SOC 2, ISO 27001, ISO 27701, and ISO 27017.
• Support audit preparation and provide required documentation for internal and external audits.
• Monitor compliance with security policies and escalate any deviations to the Security Risk Management Lead.
• Risk Assessment and Analysis:
• Assist in conducting risk assessments, including data collection, analysis, and reporting, to identify security vulnerabilities and threats.
• Maintain and update the organization s risk register with detailed findings, remediation plans, and status updates.
• Support the Security Risk Management Lead in prioritizing risks and developing mitigation strategies.
• Conduct periodic reviews of existing controls to ensure effectiveness and alignment with business objectives.
• Policy and Documentation Support:
• Contribute to the development and maintenance of security policies, standards, and procedures.
• Create and update risk-related documentation, including assessment reports, risk treatment plans, and executive summaries.
• Assist in training and awareness efforts to promote a strong security culture within the organization.

What you bring:

• Bachelor s degree in Information Security, Computer Science, or a related field, or equivalent experience.
• 4+ years of experience in information security, risk management, or a related field.
• Strong understanding of third-party risk management processes and tools.
• Familiarity with security frameworks and standards (SOC 2, ISO 27001, ISO 27701, ISO 27017).
• Experience conducting risk assessments and working with risk management tools.
• Strong organizational and analytical skills with attention to detail.
• Ability to work collaboratively and communicate effectively with technical and non-technical stakeholders.

Preferred Skills:

• Experience in multi-cloud environments or with cloud security controls.
• Knowledge of AI-related security risks.
• Relevant certifications such as Security+, CRISC, or equivalent are a plus.

#LI-Hybrid