We are looking for a Manager in our Security Compliance Team to help own initiatives, manage individuals, and continue to grow our function. Do you thrive in an environment where keeping your company’s data helps you sleep at night? Can you nimbly switch between conversations with customers, vendors, and internal stakeholders seamlessly? As you uncover risks can you creatively mitigate without creating more issues that impact the business?
What you get to do every day:
Own responsibility over our Product-related Security Compliance initiatives such as SOC 2, ISO 27001, ISO 27018, PCI (service provider), FedRAMP, and whatever is next to come for Zendesk. This includes performing gap assessments against these frameworks for new products, tools, and technologies as well as planning and executing regular internal audits.
Own responsibility over third-party Security-related vendor assessments to ensure the vendors we use have a level of Security to balance the level of risk they’d introduce into Zendesk environment(s).
Manage a team of employees and contractors in order to:
Help ensure internal teams are ready for external audits.
Participate in and help to manage the Company’s overall security compliance program by identifying and articulating real risks, as well as, helping design effective controls to mitigate them.
Inspire business partners to do the right thing using diplomacy and tact in all interactions, while finding effective resolutions to problems.
Track and report findings and work with teams to remediate and mitigate risks.
Align and consult with key control owners including IT, Legal, Sales, Engineering, Operations, and fellow Security team members.
Plan and perform internal audits to assess control design and effectiveness Perform gap assessments of existing controls/requirements on new environments and tools.
Manage internal requests for new vendors and partners and evaluate for risk.
Thrive in an environment that is dynamic and constantly changing.
What you bring to the role:
Experience managing a team of Security AuditorsBA/BS degree in a related field, MS or MA preferred, and a minimum of 5 years experience in IT audit, information security, and/or compliance. Big 4 experience preferred.
Comprehensive knowledge of current risk, security frameworks, and trends.
Knowledge of PCI, HIPAA, SOC, SOX, ISO, GLBA, and FedRAMP requirements, as well as global data protection and privacy lawsStrong technical understanding of cloud security challenges and controls.
Good understanding of technologies and controls including those related to host, database, networking, and application securityAble to rapidly adapt to new tools used in day to day work to include systems like Jira, Confluence, Slack, salesforce, Workday,, github,, Zendesk, etc.
Proven experience performing audits, risk assessments, and reviewing and developing key processes and controls.
Comfortable presenting and communicating issues and challenges to Executive Management
Able to effectively work with technical and non technical resourcesExcellent communication skills and a healthy desire for collaboration, using your strong organizational skills and diplomacy in all interactions both in and out of our organization.
Zendesk builds software for better customer relationships. It empowers organizations to improve customer engagement and better understand their customers. Zendesk products are easy to use and implement. They give organizations the flexibility to move quickly, focus on innovation, and scale with their growth. Based in San Francisco, Zendesk has operations in the United States, Europe, Asia, Australia, and South America. Learn more at www.zendesk.com.
Interested in knowing what we do in the community? Check out the Zendesk Neighbor Foundation to learn more about how we engage with, and provide support to, our local communities.
Individuals seeking employment at Zendesk are considered without regards to race, color, religion, national origin, age, sex, marital status, ancestry, physical or mental disability, veteran status, or sexual orientation.