Security Risk Analyst

Zendesk makes support, sales, and customer engagement software for everyone. A crucial part of crafting phenomenal software is both securing it and ensuring that our customers trust in it. That’s where you come in!
The Governance, Risk and Compliance (GRC) team at Zendesk is looking for a Security Risk Analyst who has the ability to work with internal customers/stakeholders, assists in key initiatives, and help to maintain and promote a strong cybersecurity and privacy culture.

The GRC team focuses on clarifying standard procedures, and identifying, analyzing, and managing risks. We define and maintain Information Security Policies, Standards and Procedures. And track and mitigate security risks and policy non-compliance while providing visibility and accountability to the owning organizations.

• Manage risks in the Risk Register by triaging, rating, communicating, defining treatment plans and monitoring risks across various business units, security domains and asset categories.
• Ability to identify and communicate risks, control gaps and policy non-compliance to key stakeholders.
• Apply risk rating methodology across risks and policy exceptions.
• Support the creation and improvement of Information Security Policy, Standards and Guidelines.
• Perform quantitative risk assessments/analysis on various security, privacy and compliance related issues and develop measurable reports to be distributed to partners.
• Collaborate with individuals from Product Security, Security Operations, Governance & Enablement, and Engineering teams in order to improve and implement new processes that will further grow the foundation of the Security program.

• BA/BS degree in Information Systems, Math, Business, Accounting, Information Security or a related field
• Experience in security compliance, IT audit, information security, security risk, or other relevant fields
• General knowledge of NIST framework (BONUS knowledge/experience: PCI, ISO 27001/27018, SOC2, or FedRAMP)
• Familiarity with cloud security concepts for SaaS systems
• The ability to communicate sophisticated topics (both written and verbal) in a clear and concise manner to various types of audiences
• Highly organized and able to balance multiple projects simultaneously
• A desire to learn and adapt quickly