Security Risk Analyst
Idaho State Job Bank - Boise, ID
Job Description
Security Risk Analyst at Zoom in Boise, Idaho, United States

What you can expect

Zoom is seeking a Security Risk Analyst to join our Security GRC team as we mature the Security Risk Management program and develop new capabilities. In this role, you will assist Security Risk Engineers with identifying, analyzing, monitoring, and reporting security risks using data-driven approaches. This includes supporting risk assessments, managing the security risk register, and collaborating closely with stakeholder teams.

About the Team

Security GRC is a people-first, high-impact team that sits at the intersection of security, product, legal, and leadership. Through our standards, controls, certifications, customer assurance, and risk and vendor management programs, we enable Zoom to move faster and smarter. We help unlock revenue through risk-based security initiatives, creative problem-solving, and strategic partnerships. Join us to help shape GRC innovation in a global tech company while working alongside thoughtful, collaborative, and deeply talented teammates.

Responsibilities

+ Triaging and evaluating security risks in accordance with NIST Risk Management Framework, FAIR, and internally established processes.
+ Supporting data collection, modeling, and analysis of security risks using both qualitative and quantitative methods. This work spans multiple domains, including cloud security, network security, infrastructure security, product security, endpoint security, and third-party security.
+ Collaborating with cross-functional stakeholders in Engineering, Legal, DevOps, IT, and Security in the prioritization and treatment of security risks.
+ Guiding the development and documentation of risk treatment plans in line with enterprise risk appetite.
+ Monitoring risk mitigation and remediation efforts and reporting on progress.
+ Assisting with the administration of the security risk register.

What we’re looking for

+ Demonstrate 2+ years of experience in information security or GRC roles. Risk management experience would be a bonus.
+ Have knowledge of standard industry frameworks such as NIST, ISO, COBIT, FAIR, OWASP, MITRE ATT&CK, etc.
+ Understand information security principles, cybersecurity technologies and best practices, and GRC processes
+ Communicate complex security risks clearly to technical and non-technical stakeholders
+ Organize and prioritize multiple workstreams in technical environments
+ Collaborate effectively across cross-functional teams
+ Possess professional certifications such as S

Created: 2026-02-02