Principal Security Analyst

This role is responsible for executing the organization's security audit, compliance, awareness, and training programs. The analyst will work with the global security leadership team to conduct audits, manage compliance certifications, deliver security training, and assess security risks.

• Execute security audits according to established audit plans and methodologies
• Conduct technical security assessments of systems, applications, and infrastructure
• Perform AI third-party vendor security audits and risk assessments
• Document audit findings with clear evidence and risk ratings
• Track audit remediation activities and follow up on open findings
• Prepare audit reports and executive summaries for technical and business stakeholders
• Develop and maintain audit templates, checklists, and procedures
• Maintain audit documentation and evidence repositories

• Support ISO certification activities (27001, 27701, 27017, 42001)
• Assist with SOC2 Type 2 audit preparation and evidence collection
• Conduct gap assessments against compliance framework requirements
• Coordinate with external auditors and certification bodies
• Monitor compliance with security policies and standards
• Track compliance remediation activities and timelines
• Prepare compliance status reports for leadership
• Maintain compliance calendar and tracking system

• Develop and execute annual security awareness plan and monthly campaigns
• Create security awareness content (emails, tips, posters, infographics, videos)
• Develop AI security awareness content and training materials
• Design and deliver role-based security training programs (developers, executives, new hires, managers)
• Manage Learning Management System (LMS) for security training and completion tracking
• Conduct security culture surveys and analyze results
• Develop and manage security champions program
• Partner with Communications team on security messaging
• Create video content and scripts for training programs
• Support executive and board security training

• Bachelor's degree in Information Security, Computer Science, Information Technology, or related field
• Master's degree preferred
• Certifications (at least one required; additional preferred)
• CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor, or Security+, ISO 27701 Lead Auditor, ISO 42001, CEH, CCSP

• 8-10 years of experience in information security - technical arena, GRC, audit, or compliance
• Experience conducting security audits or assessments
• Experience with compliance frameworks (ISO 27001, SOC2, or similar)
• Experience with risk assessment and vendor security reviews
• Experience working with global teams across time zones
• Experience in technology or SaaS companies preferred

• ISO 27001, 27701, 27017, 42001 requirements and controls
• SOC2 Trust Services Criteria
• NIST Cybersecurity Framework (CSF) and NIST 800-53
• CIS Controls and benchmarks
• OWASP Top 10 and secure development practices
• Cloud security standards (CSA CCM, AWS/Azure/GCP best practices)

• Security audit methodologies (ISO 19011, COBIT)
• Risk-based audit planning and prioritization
• Evidence collection and analysis
• Findings documentation and reporting
• Remediation tracking and verification
• Root cause analysis

• Understanding of network security, firewalls, and segmentation
• Knowledge of identity and access management (IAM)
• Familiarity with cloud environments (AWS, GCP)
• Understanding of encryption, key management, and data protection
• Knowledge of application security and secure SDLC
• Understanding of infrastructure security and hardening
• Familiarity with security tools (SIEM, vulnerability scanners, CASB, etc.) 

#LI-PM1

#LI-Hybrid

ZoomInfo (NASDAQ: GTM) is the Go-To-Market Intelligence Platform that empowers businesses to grow faster with AI-ready insights, trusted data, and advanced automation. Its solutions provide more than 35,000 companies worldwide with a complete view of their customers, making every seller their best seller.

ZoomInfo is committed to protecting your privacy when you apply for jobs with us. Please review our Job Applicant Privacy Notice for more details on how we handle your personal information.

ZoomInfo may use a software-based assessment as part of the recruitment process. More information about this tool, including the results of the most recent bias audit, is available here.

ZoomInfo is proud to be an equal opportunity employer, hiring based on qualifications, merit, and business needs, and does not discriminate based on protected status. We welcome all applicants and are committed to providing equal employment opportunities regardless of sex, race, age, color, national origin, sexual orientation, gender identity, marital status, disability status, religion, protected military or veteran status, medical condition, or any other characteristic protected by applicable law. We also consider qualified candidates with criminal histories in accordance with legal requirements.

For Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. ZoomInfo does not administer lie detector tests to applicants in any location.