The Cyber Risk and Incident Response Manager is responsible for managing Zoom's Incident Response and Risk Register within Zoom's Governance, Risk and Compliance (GRC) technology platform(s). This individual will be a subject matter expert in incident response (IR) and risk registers, with a focus on creating and maintaining the incident response playbooks that would be invoked from Zoom's GRC platform.
The role uses the National Institute of Standards and Technology (NIST) Cybersecurity Framework (CSF) as a guiding principle to assure that Zoom has the appropriate systems and playbooks in place to establish:
- The creation of an incident response policy and plan
- The development of procedures for performing incident handling and reporting
- Setting guidelines for communicating with outside parties regarding incidents
- Determining the Zoom teams that would be involved with continuous IR planning, monitoring and resolutions
- Establishing relationships and lines of communication between the incident response team and other groups, both internal (e.g., security operations center, legal department)
- Assisting with determining what services the incident response team should provide
The Cyber Risk and Incident Response Manager will be responsible for creating the IR playbooks to be used and implemented within Zoom, covering:
- Incident identification
- Incident logging
- Incident categorization
- Incident prioritization
- Incident response
- Initial diagnosis
- Incident escalation
- Investigation and diagnosis
- Resolution and recovery
- Incident closure
The Cyber Risk and Incident Response Manager will be responsible for the creation, maintenance and ongoing monitoring of Zoom's Risk Register within the GRC environment.
- Provide a centralized process to identify, assess, respond to, and continuously monitor Zoom's enterprise and platform risks that may negatively impact business operations.
- Develop structured workflows for the management of risk assessments, risk indicators, and risk issues.
- Use the Zoom GRC platform to create graphical interfaces that report on profile and risk dependencies.
- Create profile types to group common profiles with similar risks together for easier assessment.
- Create risk statements to define a set of potential risks that could occur across the organization.
- Assign risk statements to profile types to generate risks from statements, or generate risks manually.
- Assist with determining the appropriate risk response (for example, Accept, Avoid, Mitigate, or Transfer), and document the justification for the response.
- Assign and complete Remediation Tasks to ensure that risk mitigation efforts are implemented.
- Utilize the Governance, Risk, and Compliance (GRC) application to track risk mitigation efforts by relating a risk to controls or policies which mitigate the risk.
Required and Preferred Skills and Experience:
- Education: Master's degree preferred
- 10+ years of experience with both government and large service providers in cyber and incident/legal response matters
- Experience handling cyber security relationships between the public and private sector.
- Previous government-related experience in incident response playbook creation
- Experience managing a cyber security and defense team for a government cyber security program.
- Direct experience in implementing NIST-based incident response programs
- Experience working with and coordinating with enterprise legal teams
- Exceptional verbal and written communication skills, with mastery of the ability to tailor the context of the conversation to the audience
- Experience with socializing incident response awareness campaigns
- Ability to think outside the box and develop solutions to accomplish seemingly impossible tasks, while remaining risk and objective focused
Ensuring a diverse and inclusive workplace where we learn from each other is core to Zoom's values. We welcome people of different backgrounds, experiences, abilities and perspectives including qualified applicants with arrest and conviction records as well as any qualified applicants requiring reasonable accommodations in accordance with the law.
We believe that the unique contributions of all Zoomies are the driver of our success. To make sure that our products and culture continue to incorporate everyone's perspectives and experience, we never discriminate on the basis of race, religion, national origin, gender identity or expression, sexual orientation, age, or marital, veteran, or disability status.
All your information will be kept confidential according to EEO guidelines.
Zoom requires all U.S. employees who will work in person at a Zoom office, attend in-person Zoom meetings or have in-person customer meetings to be fully vaccinated. Zoom will consider requests for reasonable accommodations for religious or medical reasons as required under applicable law.