Third-Party Risk Management Analyst

What you can expect

The Third-Party Risk Management (TPRM) Analyst supports Zoom’s Security Governance, Risk and Compliance (GRC) team by assessing, monitoring, and managing risks related to third-party vendors. You assess new vendors’ security controls, data protection, and compliance with Zoom’s standards. You identify control gaps, track remediation, and monitor vendor risk through periodic reviews, continuous monitoring, and incident coordination. The role helps maintain policies, procedures, and the TPRM framework, while collaborating with procurement, legal, privacy, and business teams to embed security requirements. You also prepare reports on third-party risk trends, metrics, and key findings for management and stakeholders.

About the Team

Security GRC is a people-first, high-impact team that sits at the intersection of security, product, legal, and leadership. Through our standards, controls, certifications, customer assurance, and risk and vendor management programs, we enable Zoom to move faster and smarter—helping to unlock revenue with risk-based security initiatives, creative problem-solving, and strategic partnerships. Join us to help shape GRC innovation in a global tech company while working alongside thoughtful, collaborative, and deeply talented teammates!

What we’re looking for

• Have 2+ years of experience in information security, risk management, or third-party/vendor risk management.

• Demonstrate understanding of cybersecurity, vendor risk assessment methodologies, security questionnaires, and evidence review processes.

• Show familiarity with security, cloud, and compliance frameworks (e.g., ISO 27001/27002, NIST (CSF, 800-53, 800-171), SOC 1/2, CIS Controls, PCI DSS, HITRUST, FedRAMP, CSA CCM, ISO 27017/27018).

• Demonstrate knowledge of data protection regulations (e.g., GDPR, CCPA/CPRA, HIPAA/HITECH, GLBA).

• Have experience with risk management tools or platforms (e.g., ServiceNow, RSA Archer, OneTrust, MetricStream, LogicGate, or similar platforms) and show familiarity with continuous monitoring tools and risk intelligence services (e.g., SecurityScorecard, BitSight, RiskRecon).

• Be able to analyze complex vendor environments and communicate risk findings clearly to technical and non-technical audiences.

• Show effective organizational and project management skills with attention to detail. Excellent written and verbal communication skills.

• Possess professional certifications such as CISSP, CISA, CRISC, CTPRP, or CTPRA (a bonus).

Ways of Working
Our structured hybrid approach is centered around our offices and remote work environments. The work style of each role, Hybrid, Remote, or In-Person is indicated in the job description/posting.

Benefits
As part of our award-winning workplace culture and commitment to delivering happiness, our benefits program offers a variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health; support work-life balance; and contribute to their community in meaningful ways. Click Learn for more information.

About Us
Zoomies help people stay connected so they can get more done together. We set out to build the best collaboration platform for the enterprise, and today help people communicate better with products like Zoom Contact Center, Zoom Phone, Zoom Events, Zoom Apps, Zoom Rooms, and Zoom Webinars.
We’re problem-solvers, working at a fast pace to design solutions with our customers and users in mind. Find room to grow with opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment.

Our Commitment​

At Zoom, we believe great work happens when people feel supported and empowered. We’re committed to fair hiring practices that ensure every candidate is evaluated based on skills, experience, and potential. If you require an accommodation during the hiring process, let us know—we’re here to support you at every step.

If you need assistance navigating the interview process due to a medical disability, please submit an Accommodations Request Form and someone from our team will reach out soon. This form is solely for applicants who require an accommodation due to a qualifying medical disability. Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed.