Sr Staff, Security Third Party Risk Management

The Senior Staff, Security Third Party Risk Management at Zscaler is responsible for managing enhancements to the Third-Party Risk Management (TPRM) program. This includes defining processes, overseeing projects, developing policies and procedures, implementing vendor solutions, and ensuring compliance with regulatory and industry standards. They also prepare risk rating metrics and reports, engage in risk assessments, and contribute to incident response discussions.

Candidates applying for the Senior Staff, Security Third Party Risk Management position at Zscaler should have at least 7 years of experience in cybersecurity or IT roles, including program management and risk assessments. Familiarity with frameworks such as NIST CSF, ISO 27001, and SOC2 is important, alongside proven abilities in managing global teams and strong problem-solving skills.

Zscaler is dedicated to creating an inclusive environment, celebrating diversity, and promoting equity within the workplace. The company actively encourages applications from individuals of all backgrounds to enrich its team and contribute to its mission. This commitment to diversity and belonging is evident in their policies and culture.

Zscaler provides a comprehensive benefits program designed to support employees and their families at various life stages. This includes health plans, vacation and sick time off, parental leave options, retirement plans, education reimbursement, and various in-office perks, ensuring a balanced work-life environment.

The salary range for the Senior Staff, Security Third Party Risk Management position at Zscaler is between $136,500 and $195,000 USD. This range takes into account various factors, including job-related skills, experience, and education. Keep in mind that this base pay does not include any potential bonuses or benefits.

When approaching this, I start by assessing current policies and identifying gaps. Collaborating with stakeholders is crucial to ensure comprehensive coverage. I prioritize clear documentation and align policies with industry regulations to ensure compliance and operational effectiveness.

I have extensive experience with frameworks such as NIST CSF and ISO 27001. I have utilized them to assess organizational security posture and guide compliance initiatives, ensuring that all third-party interactions align with these standards.

In my previous role, I led a risk assessment project for a high-profile vendor. I coordinated with multiple teams, ensuring that we accurately identified vulnerabilities and implemented remediation plans. This resulted in improved security posture for our organization.

I maintain current knowledge through continuous education, attending industry conferences, and following key regulatory bodies. I also engage in professional networks that focus on cybersecurity to discuss upcoming changes and best practices.

Essential metrics include risk ratings, incident frequency, compliance status, and the effectiveness of implemented controls. I believe that a visual representation of these metrics can drive better insights during reporting.

Leading through a cybersecurity incident requires clear communication and a calm response. I would guide my team to follow our incident response plan, focusing on containment, eradication, and recovery, while keeping stakeholders informed throughout the process.

A common challenge is consistent communication with vendors. I've tackled this by implementing structured processes and checklists for assessments, streamlining expectations, and regular follow-ups to ensure that all parties are aligned.

I have effectively managed global teams by embracing cultural differences and ensuring consistent communication. I've used collaboration tools and scheduled regular check-ins to facilitate alignment and knowledge sharing across time zones.

I employ a layered approach, starting with a comprehensive review of existing documentation, followed by on-site evaluations and interviews with relevant personnel to ensure controls are effectively implemented and functioning as intended.

Handling non-compliance begins with understanding the root cause. I collaborate with the vendor to develop a remediation plan, ensuring that corrective actions align with compliance requirements. Ongoing monitoring establishes accountability and maintains security standards.