Over the past 15 years, we have seen a shift in the focus of business models across every industry – from selling physical products via one-time transactions to monetizing services via ongoing customer (aka subscriber) relationships. This is the “Subscription Economy” a phrase coined by our CEO, Tien Tzuo, he even wrote the book on it: Subscribed.

Companies have realized that the path to growth going forward is to establish direct, digital relationships with their customers, and monetize these relationships through an ever growing set of digital services.

Our vision is simple: we call it “The World Subscribed.” It’s the idea that one day every company will join the Subscription Economy — a $1.5 Trillion opportunity by 2025 according to UBS.

Our mission: to power the world’s best companies to win in the Subscription Economy.

THE TEAM

Our Information Technology (IT) team is Zuora's internal engineering organization, responsible for creating technology experiences that connect our teams, drive business alignment and build a stronger, more collaborative work “place.” With a cloud-first approach, we empower our global ZEOs with increased productivity and self-service to enable company growth, scale and flexibility while hardening our security and compliance posture.

THE OPPORTUNITY

A Security Process Lead at Zuora works closely with IT, Product Security, Compliance and engineering teams to identify risk areas and establish baseline control alignment for continued organizational growth and maturity. You will plan internal audits from start to finish, perform gap assessments and advice on gap closure, collect and review evidence, and present evidence to managers of IT systems. In addition, you will serve as an advisor to IT teams, create security processes to support securing IT systems, and draft policies for best practices that the IT organization will consume. You will own key systems that help support the function and execute projects to continually enhance the operational capabilities of the systems managed by you. You’ll find work at Zuora to be uniquely rewarding because of our company culture and your great co-workers.

OUR TECH STACK: AWS, Azure, GCP, Active Directory, Okta, RSA, OneLogin

WHAT YOU’LL ACHIEVE

• Implement systems and processes to support governance and risk management programs 
• Support the company’s corporate compliance initiatives, including SOX ITGC, SOC 1, SOC 2, ISO 27001 and PCI
• Lead IT SOX compliance activities
• Create, maintain and review information security policies and standards aligned with industry standards, addressing compliance and legal obligations
• Engage and manage internal/external auditors supporting IT security and compliance assessments
• Create an end-to-end vendor security program, including architecture reviews, periodic compliance reviews, onboarding and offboarding processes as part of IT ARC and Procurement review
• Manage annual and semi-annual reviews of Zuora’s IT Policies and Procedures
• Own and manage audit assurance platform for audit evidence collection
• Measure and report on control effectiveness in compliance with the enterprise security program
• Drive alignment with key partners to sync and scale Zuora Enterprise Security
• Partner with key stakeholders to drive compliance security process efforts for daily, monthly and annual review with adherence to security policies
• Drive initiatives to reduce end user security risk through processes and tooling
• Deliver a comprehensive security awareness program, including annual training, newsletters, and interactive activities

WHAT YOU’LL NEED TO BE SUCCESSFUL

• 8+ years of experience in a similar role
• Have a strong understanding of the organizational landscape and compliance requirements and processes
• Effective communication skills enabling the ability to communicate complex information to various audiences both verbally and in writing (English)
• In depth knowledge of cloud technologies
• In depth knowledge and experience leading audits for certification standards such as SOC-2, HIPAA, PCI-DSS, CSA STAR, ISO 27001, NIST 800 etc.
• In depth knowledge of security frameworks such as CIS, NIST, OWASP etc.
• In depth knowledge of information security principles and practices
• Passionate about security, privacy, and compliance
• Be an evangelist who drives security processes, maintain, audit and review against control areas
• Passionate about security, privacy, and compliance
• Industry certifications are a plus: CISSP, CISM, CISA, CRISC, GCAP etc.
• Bachelor's degree in computer science, mathematics, related field or equivalent years of relevant experience

Benefits*

• Competitive compensation, company equity, and retirement programs
• Medical, dental and vision insurance
• Paid holidays and “wellness” days and company wide winter break
• Generous, flexible time off 
• 6 months fully paid parental leave
• Learning & Development stipend
• Opportunities to volunteer and give back, including charitable donation match
• Free resources and support for your mental wellbeing

*Specific benefits offerings may vary by country

About Zuora 

As the Subscription Economy leader, Zuora empowers today’s innovative companies to nurture and monetize direct, digital relationships. Our award-winning multi-product portfolio now includes Zuora Revenue, Zuora Collect and Zuora Central Platform. More recently, we’ve added subscription experience platform Zephr to our family, further expanding our capabilities to serve as an intelligent hub that monetizes the complete quote to cash and revenue recognition process at scale.

Through our combination of technology and expertise, Zuora (NYSE: ZUO) helps more than 1,000 companies around the world, including BMC Software, Box, Caterpillar, General Motors, Penske Media Corporation, Schneider Electric, Siemens and Zoom nurture and monetize direct, digital customer relationships. Headquartered in Silicon Valley, Zuora operates offices around the world in the U.S., EMEA, APAC and LATAM.

“ZEO” Culture

At Zuora, we’re building an inclusive, high-performance culture that every ZEO wants to subscribe to. We want ZEOs at every level to feel valued, included, and inspired to innovate, connect and collaborate authentically as we pioneer the Subscription Economy. You’ll be empowered to think like an owner, take initiative and together, with the support of your team you’ll push each other to the next level and help transform business models everywhere.

To learn more visit www.zuora.com

Zuora is proud to be an Equal Employment Opportunity Employer.

Think, be and do you! At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all.

Zuora does not discriminate on the basis of, and considers individuals seeking employment with Zuora without regards to, race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.

We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to assistance@zuora.com.