CYBERSECURITY ASSESSMENT AND AUTHORIZATION SUBJECT MATTER EXPERT (SME) Position : Remote Serves as a cybersecurity Subject Matter Expert (SME) with regards to Assessment and Authorization (A&A) of information systems and all associated cybersecurity policies and procedures. Performs a DOD cybersecurity process while either authorizing an information system or serving as a SME for an information system undergoing authorization. Possess an understanding of how the security controls identified in the NIST 800-53 apply to the process of assessing and authorizing a large organization’s IT infrastructure such as DLA’s, in which there is a compilation of large and small enclaves, AIS applications and outsourced IT processes. Determines the applicable severity value for an identified vulnerability (e.g., non-compliant security control) and determines the possible ramifications on the system’s current or future authorization. Briefs senior management on the progress or results of an information system undergoing the Risk Management Framework (RMF) process. Minimum Requirements: - Five (5) years of relevant Risk Management Framework (RMF) and NIST A&A experience - DOD cybersecurity experience - Experience in assessing security controls and conducting authorization reviews for large, complex organizations. - Experienced in the general tenets supporting the overall DOD implementation of its authorization process, to include supporting cybersecurity policy, procedures, and processes. - Knowledgeable in the cybersecurity of emerging technology areas such as Cloud and Industrial Control Systems (ICSs), warehouse execution systems and - Operational Technology (OT) infrastructures. - DOD Top Secret Clearance and must possess IT-II Non-Critical Sensitive security clearance or Tier 3 (T3) at time of proposal submission. - CERT Personnel: Any team member assigned duties at DLA CERT shall possess a DOD TOP SECRET Clearance and must possess IT-I Critical Sensitive security clearance or Tier 5 (T5) at time of proposal submission. - Any team member assigned duties as DLA CERT Analyst will maintain CSSP-Analyst certification Contract Start is May 17th. 5 Year POP.

What you can expect Zoom is seeking a hands-on technical leader for our Enterprise Security team. In this role, you will lead the Enterprise Security team and drive corporate security initiatives across the organization including enterprise-wide tooling and policy implementation and process improvement projects. This role is responsible for defining, assessing, and supporting implementation of security policies and controls across Zoom’s Cloud, Network, Infrastructure, Endpoints and Business Applications. This role is also responsible for building and implementing Zoom’s Enterprise AI and Data security policies and governance. The role requires a collaborative approach towards security working with key stakeholders including DevOps, IT, Platform Engineering, Product, and other engineering and security teams. In this role, you are a strategic thinker, reporting directly to the CISO, responsible for defining strategy and requirements and overseeing execution of that strategy. In addition to strong leadership and communication skills, you will need to have deep technical expertise and risk management experience to understand, identify, and prioritize Risk and threats to Zoom. It is also important to have a strong understanding of business impact and be able to balance and align strategy with business priorities. About the Team The Enterprise Security team drives the design, implementation, and management of security programs across data, network, endpoint, infrastructure and cloud domains. They collaborate with technology, compliance, and business teams to integrate security into processes and projects, ensure regulatory compliance, and protect the organization’s systems and information at scale. Responsibilities - Leading and managing the enterprise security team made up of managers, engineers, and analysts. - Defining and executing on enterprise-wide security strategy, policies, and controls, including enterprise-wide security deployments and controls assessments. - Ensuring teams meet regulatory and customer requirements that minimize risks to Zoom. - Driving security risk remediation projects by partnering with internal Security teams, to include Security Assurance, Detection & Response, Security Operations, and Engineering Security teams. - Updating security leadership on Monthly and Quarterly Business Reviews for Enterprise Security. - Implementing data-driven process improvements that improve OKRs and KPIs. What we’re looking for - Have 8+ years of experience in cybersecurity, with at least 3 years experience specifically in an enterprise security leadership role. - Have previous experience at the Director or Senior Manager level, Information Security within a large enterprise security environment, leading and managing implementations, would be a bonus. - Demonstrate advanced technical experience in DevOps, Cloud, network, systems, data, and application security concepts. Apply tools to identify and protect IT assets, detect security events, and remediate discovered vulnerabilities. - Have knowledge and skills managing security of PC, Mac and Linux platforms in a physical, virtual or public cloud environment. - Have experience working in video communications or technical industry preferred. - Possess a Bachelor's or Master's degree in IT Security, Computer Science, or equivalent. - Possess CISSP, OSCP, CISM, CISA, GIAC, or equivalent certifications, would be an advantage. - Be available for occasional after-hours tasks. Salary Range or On Target Earnings: Minimum: $171 800,00 Maximum: $375 900,00 In addition to the base salary and/or OTE listed Zoom has a Total Direct Compensation philosophy that takes into consideration; base salary, bonus and equity value. Note: Starting pay will be based on a number of factors and commensurate with qualifications & experience. We also have a location based compensation structure; there may be a different range for candidates in this and other locations At Zoom, we offer a window of at least 5 days for you to apply because we believe in giving you every opportunity. Below is the potential closing date, just in case you want to mark it on your calendar. We look forward to receiving your application! Anticipated Position Close Date: 04/03/26 Ways of Working Our structured hybrid approach is centered around our offices and remote work environments. The work style of each role, Hybrid, Remote, or In-Person is indicated in the job description/posting. Benefits As part of our award-winning workplace culture and commitment to delivering happiness, our benefits program offers a variety of perks, benefits, and options to help employees maintain their physical, mental, emotional, and financial health; support work-life balance; and contribute to their community in meaningful ways. Click Learn for more information. About Us Zoomies help people stay connected so they can get more done together. We set out to build the best collaboration platform for the enterprise, and today help people communicate better with products like Zoom Contact Center, Zoom Phone, Zoom Events, Zoom Apps, Zoom Rooms, and Zoom Webinars. We’re problem-solvers, working at a fast pace to design solutions with our customers and users in mind. Find room to grow with opportunities to stretch your skills and advance your career in a collaborative, growth-focused environment. Our Commitment​ At Zoom, we believe great work happens when people feel supported and empowered. We’re committed to fair hiring practices that ensure every candidate is evaluated based on skills, experience, and potential. If you require an accommodation during the hiring process, let us know—we’re here to support you at every step. If you need assistance navigating the interview process due to a medical disability, please submit an Accommodations Request Form and someone from our team will reach out soon. This form is solely for applicants who require an accommodation due to a qualifying medical disability. Non-accommodation-related requests, such as application follow-ups or technical issues, will not be addressed. #LI-Remote

• Deliver monthly threat intelligence reports on major events supported by our internal telemetry • Deliver internal briefings to technical teams and executive summaries to leadership • Take ownership of driving threat intelligence focused marketing content • Support threat-hunting and detection engineering by translating intelligence into detection opportunities • Present at relevant CTI-focused conferences and industry events

• Conduct comprehensive third-party security risk assessments by evaluating vendor controls, policies, and documentation (e.g., SOC 2, ISO, penetration tests) against established frameworks. • Analyze assessment results to identify risks, document findings, and provide actionable remediation recommendations. • Assess risks related to data handling, privacy, critical integrations, and system dependencies • Assess risks associated with third parties use of emerging technologies, including AI/ML, with a focus on data security and governance • Collaborate with procurement, legal, and business stakeholders to embed security requirements into vendor onboarding and lifecycle management processes. • Monitor vendor risk posture over time, including tracking security incidents, control changes, and emerging risks. • Track, measure, and report on third-party risk metrics, trends, and remediation progress to leadership. • Support the development, maintenance, and continuous improvement of third-party risk management policies, standards, and procedures. • Leverage available tools, including AI-assisted technologies, to improve the efficiency and consistency of third-party security risk assessments and documentation. • Ensure compliance with applicable regulatory and security frameworks (e.g., NIST, ISO 27001, SOX) and support incident response efforts involving third parties.