Security Process Lead

Redwood City, CA, United States



Customers have changed. They’re looking for new ways to engage with businesses. Consumers today have a new set of expectations. They want outcomes, not ownership. Customization, not generalization. Constant improvement, not planned obsolescence.

In the old world (let’s call it the Product Economy) it was all about things. Acquiring new customers, shipping commodities, billing for one-time transactions. But in today’s new era, it’s all about relationships. More and more customers are becoming subscribers because subscription experiences built around services meet consumers’ needs better than static offerings or a single product.

Our vision is “The World Subscribed” where one day every company will be a part of the Subscription Economy® (a phrase coined by our CEO, Tien Tzuo, author of the best-selling book Subscribed).

As consumers wave goodbye to ownership, join us as we help companies win on their journey to usership!


Our Information Technology (IT) team is Zuora’s internal engineering organization, responsible for creating technology experiences that connect our teams, drive business alignment and build a stronger, more collaborative work “place.” With a cloud-first approach, we empower our global ZEOs with increased productivity and self-service to enable company growth, scale and flexibility while hardening our security and compliance posture.


A Security Process Lead at Zuora works closely with IT, Product Security, Compliance and engineering teams to identify risk areas and establish baseline control alignment for continued organizational growth and maturity. You will plan internal audits from start to finish, perform gap assessments and advise on gap closure, collect and review evidence, and present evidence to managers of IT systems. In addition, you will serve as an advisor to IT teams, create security processes to support securing IT systems, and draft policies for best practices that the IT organization will consume. You’ll find work at Zuora to be uniquely rewarding because of our company culture and your great co-workers.

OUR TECH STACK: AWS, Azure, GCP, Active Directory, Okta, RSA, OneLogin


  • Implement systems and processes to support governance and risk management programs 
  • Support the company’s corporate compliance initiatives, including SOX ITGC, SOC 1, SOC 2, ISO 27001 and PCI
  • Lead IT SOX compliance activities
  • Create, maintain and review information security policies and standards aligned with industry standards, addressing compliance and legal obligations
  • Engage and manage internal/external auditors supporting IT security and compliance assessments
  • Create an end-to-end vendor security program, including architecture reviews, periodic compliance reviews, onboarding and offboarding processes as part of IT ARC and Procurement review
  • Manage annual and semi-annual reviews of Zuora’s IT Policies and Procedures
  • Own and manage audit assurance platform for audit evidence collection
  • Measure and report on control effectiveness in compliance with the enterprise security program
  • Drive alignment with key partners to sync and scale Zuora Enterprise Security
  • Partner with key stakeholders to drive compliance security process efforts for daily, monthly and annual review with adherence to security policies
  • Drive initiatives to reduce end user security risk through processes and tooling
  • Deliver a comprehensive security awareness program, including annual training, newsletters, and interactive activities


  • 8+ years of experience in a similar role
  • Have a strong understanding of the organizational landscape and compliance requirements and processes
  • Effective communication skills enabling the ability to communicate complex information to various audiences both verbally and in writing (English)
  • In depth knowledge of cloud technologies
  • In depth knowledge and experience leading audits for certification standards such as SOC-2, HIPAA, PCI-DSS, CSA STAR, ISO 27001, NIST 800 etc.
  • In depth knowledge of security frameworks such as CIS, NIST, OWASP etc.
  • In depth knowledge of information security principles and practices
  • Passionate about security, privacy, and compliance
  • Be an evangelist who drives security processes and maintains, audits and reviews against control areas
  • Industry certifications are a plus: CISSP, CISM, CISA, CRISC, GCAP etc.
  • Bachelor’s degree in computer science, mathematics, related field or equivalent years of relevant experience


Zuora (NYSE: ZUO) provides the leading cloud-based subscription management platform that functions as a system of record for subscription businesses across all industries. Powering the Subscription Economy®, the Zuora platform was architected specifically for dynamic, recurring subscription business models and acts as an intelligent subscription management hub that automates and orchestrates the entire subscription order-to-revenue process seamlessly across billing and revenue recognition. Zuora serves more than 1,000 companies around the world, including Box, Ford, Penske Media Corporation, Schneider Electric, Siemens, Xplornet, and Zoom.

At Zuora, we have one CEO but every employee is empowered and supported to be the ‘ZEO’ of their own career experience. By embedding inclusion and belonging into our processes, policies and culture, we are building a workplace where our 1,200+ ZEOs across North America, Europe, and APAC can bring all the elements of who they are into their work. In addition to an industry-leading six-month, 100% paid parental leave for all our ZEOs, we also offer programs to support your mental health and give back to our communities along with “career cash” and plenty of learning and development opportunities.

To learn more visit

Zuora is proud to be an Equal Employment Opportunity employer.

Think, be and do you! At Zuora, different perspectives, experiences and contributions matter. Everyone counts. Zuora is proud to be an Equal Opportunity Employer committed to creating an inclusive environment for all.

Zuora does not discriminate on the basis of, and considers individuals seeking employment with Zuora without regards to, race, religion, color, national origin, sex (including pregnancy, childbirth, reproductive health decisions, or related medical conditions), sexual orientation, gender identity, gender expression, age, status as a protected veteran, status as an individual with a disability, genetic information, political views or activity, or other applicable legally protected characteristics.

We encourage candidates from all backgrounds to apply. Applicants in need of special assistance or accommodation during the interview process or in accessing our website may contact us by sending an email to
