Principal Security Analyst

Bengaluru, Karnataka, India

ZoomInfo is where careers accelerate. We move fast, think boldly, and empower you to do the best work of your life. You'll be surrounded by teammates who care deeply, challenge each other, and celebrate wins. With tools that amplify your impact and a culture that backs your ambition, you won't just contribute. You'll make things happen–fast. This role is responsible for executing the organization's security audit, compliance, awareness, and training programs. The analyst will work with the global security leadership team to conduct audits, manage compliance certifications, deliver security training, and assess security risks.

What you will do:

Security Audit Program (40%):

Execute security audits according to established audit plans and methodologies

Conduct technical security assessments of systems, applications, and infrastructure

Perform AI third-party vendor security audits and risk assessments

Document audit findings with clear evidence and risk ratings

Track audit remediation activities and follow up on open findings

Prepare audit reports and executive summaries for technical and business stakeholders

Develop and maintain audit templates, checklists, and procedures

Maintain audit documentation and evidence repositories

Compliance Management (30%):

Support ISO certification activities (27001, 27701, 27017, 42001)

Assist with SOC2 Type 2 audit preparation and evidence collection

Conduct gap assessments against compliance framework requirements

Coordinate with external auditors and certification bodies

Monitor compliance with security policies and standards

Track compliance remediation activities and timelines

Prepare compliance status reports for leadership

Maintain compliance calendar and tracking system

Security Awareness & Training (30%):

Develop and execute annual security awareness plan and monthly campaigns

Create security awareness content (emails, tips, posters, infographics, videos)

Develop AI security awareness content and training materials

Design and deliver role-based security training programs (developers, executives, new hires, managers)

Manage Learning Management System (LMS) for security training and completion tracking

Conduct security culture surveys and analyze results

Develop and manage security champions program

Partner with Communications team on security messaging

Create video content and scripts for training programs

Support executive and board security training

What you bring:

Bachelor's degree in Information Security, Computer Science, Information Technology, or related field

Master's degree preferred

Certifications (at least one required; additional preferred)

CISSP, CISA, CISM, CRISC, ISO 27001 Lead Auditor, ISO 27701 Lead Auditor, ISO 42001 Lead Auditor, Security+, CEH, or CCSP

Experience:

8-10 years of experience in information security (technical, GRC, audit, or compliance roles)

Experience conducting security audits or assessments

Experience with compliance frameworks (ISO 27001, SOC2, or similar)

Experience with risk assessment and vendor security reviews

Experience working with global teams across time zones

Experience in technology or SaaS companies preferred

Technical Knowledge & Skills:

Security Frameworks & Standards:

ISO 27001, 27701, 27017, 42001 requirements and controls

SOC2 Trust Services Criteria

NIST Cybersecurity Framework (CSF) and NIST 800-53

CIS Controls and benchmarks

OWASP Top 10 and secure development practices

Cloud security standards (CSA CCM, AWS/Azure/GCP best practices)

Audit & Assessment Skills:

Security audit methodologies (ISO 19011, COBIT)

Risk-based audit planning and prioritization

Evidence collection and analysis

Findings documentation and reporting

Remediation tracking and verification

Root cause analysis

Technical Competencies:

Understanding of network security, firewalls, and segmentation

Knowledge of identity and access management (IAM)

Familiarity with cloud environments (AWS, GCP)

Understanding of encryption, key management, and data protection

Knowledge of application security and secure SDLC

Understanding of infrastructure security and hardening

Familiarity with security tools (SIEM, vulnerability scanners, CASB, etc.)

About us:

ZoomInfo (NASDAQ: GTM) is the Go-To-Market Intelligence Platform that empowers businesses to grow faster with AI-ready insights, trusted data, and advanced automation. Its solutions provide more than 35,000 companies worldwide with a complete view of their customers, making every seller their best seller.

ZoomInfo is committed to protecting your privacy when you apply for jobs with us. Please review our Job Applicant Privacy Notice for more details on how we handle your personal information.

ZoomInfo may use a software-based assessment as part of the recruitment process. More information about this tool, including the results of the most recent bias audit, is available here.

ZoomInfo is proud to be an equal opportunity employer, hiring based on qualifications, merit, and business needs, and does not discriminate based on protected status. We welcome all applicants and are committed to providing equal employment opportunities regardless of sex, race, age, color, national origin, sexual orientation, gender identity, marital status, disability status, religion, protected military or veteran status, medical condition, or any other characteristic protected by applicable law. We also consider qualified candidates with criminal histories in accordance with legal requirements.

For Massachusetts Applicants: It is unlawful in Massachusetts to require or administer a lie detector test as a condition of employment or continued employment. An employer who violates this law shall be subject to criminal penalties and civil liability. ZoomInfo does not administer lie detector tests to applicants in any location.
