
Principal Security Analyst

Job Type: Full Time


Job Description - Principal Security Analyst

ZoomInfo is where careers accelerate. We move fast, think boldly, and empower you to do the best work of your life. You’ll be surrounded by teammates who care deeply, challenge each other, and celebrate wins. With tools that amplify your impact and a culture that backs your ambition, you won’t just contribute. You’ll make things happen–fast.


This role is responsible for executing the organization's security audit, compliance, awareness, and training programs. The analyst will work with the global security leadership team to conduct audits, manage compliance certifications, deliver security training, and assess security risks.


What you will do:


Security Audit Program (40%):



  • Execute security audits according to established audit plans and methodologies

  • Conduct technical security assessments of systems, applications, and infrastructure

  • Perform AI third-party vendor security audits and risk assessments

  • Document audit findings with clear evidence and risk ratings

  • Track audit remediation activities and follow up on open findings

  • Prepare audit reports and executive summaries for technical and business stakeholders

  • Develop and maintain audit templates, checklists, and procedures

  • Maintain audit documentation and evidence repositories


Compliance Management (30%):



  • Support ISO certification activities (27001, 27701, 27017, 42001)

  • Assist with SOC2 Type 2 audit preparation and evidence collection

  • Conduct gap assessments against compliance framework requirements

  • Coordinate with external auditors and certification bodies

  • Monitor compliance with security policies and standards

  • Track compliance remediation activities and timelines

  • Prepare compliance status reports for leadership

  • Maintain compliance calendar and tracking system


Security Awareness & Training (30%):



  • Develop and execute annual security awareness plan and monthly campaigns

  • Create security awareness content (emails, tips, posters, infographics, videos)

  • Develop AI security awareness content and training materials

  • Design and deliver role-based security training programs (developers, executives, new hires, managers)

  • Manage Learning Management System (LMS) for security training and completion tracking

  • Conduct security culture surveys and analyze results

  • Develop and manage security champions program

  • Partner with Communications team on security messaging

  • Create video content and scripts for training programs

  • Support executive and board security training


What you bring:



  • Bachelor's degree in Information Security, Computer Science, Information Technology, or related field

  • Master's degree preferred

  • Certifications (at least one required; additional preferred)


    • CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor, or Security+, ISO 27701 Lead Auditor, ISO 42001, CEH, CCSP



Experience:



  • 8-10 years of experience in information security - technical arena, GRC, audit, or compliance

  • Experience conducting security audits or assessments

  • Experience with compliance frameworks (ISO 27001, SOC2, or similar)

  • Experience with risk assessment and vendor security reviews

  • Experience working with global teams across time zones

  • Experience in technology or SaaS companies preferred


Technical Knowledge & Skills:


Security Frameworks & Standards:



  • ISO 27001, 27701, 27017, 42001 requirements and controls

  • SOC2 Trust Services Criteria

  • NIST Cybersecurity Framework (CSF) and NIST 800-53

  • CIS Controls and benchmarks

  • OWASP Top 10 and secure development practices

  • Cloud security standards (CSA CCM, AWS/Azure/GCP best practices)


Audit & Assessment Skills:



  • Security audit methodologies (ISO 19011, COBIT)

  • Risk-based audit planning and prioritization

  • Evidence collection and analysis

  • Findings documentation and reporting

  • Remediation tracking and verification

  • Root cause analysis


Technical Competencies:



  • Understanding of network security, firewalls, and segmentation

  • Knowledge of identity and access management (IAM)

  • Familiarity with cloud environments (AWS, GCP)

  • Understanding of encryption, key management, and data protection

  • Knowledge of application security and secure SDLC

  • Understanding of infrastructure security and hardening

  • Familiarity with security tools (SIEM, vulnerability scanners, CASB, etc.) 


 



Original job Principal Security Analyst posted on GrabJobs.

About the Company

ZoomInfo Technologies, LLC

ZoomInfo (NASDAQ: GTM) is the Go-To-Market Intelligence Platform that empowers businesses to grow faster with AI-ready insights, trusted data, and advanced automation. Its solutions provide more than 35,000 companies worldwide with a complete view of their customers, making every seller their best...
