Company Description
Zayo provides mission-critical bandwidth to the world’s most impactful companies, fueling the innovations that are transforming our society. Zayo’s 141,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo’s communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises.
Zayo is seeking a Risk & Compliance Analyst to serve as the key liaison between our Security organization and our customers, focusing on responding to security-related customer inquiries and conducting contract reviews from a security, privacy, and compliance perspective. Our Risk & Compliance Analyst will directly support Zayo's mission to maintain customer trust, protect Zayo’s security and compliance posture within contractual obligations, and demonstrate transparency in how we manage and protect data. Our ideal Risk & Compliance Analyst will have a strong background in compliance, risk management, audit, and customer experience within a regulated environment.
This role requires strong communication skills, an understanding of security principles, and familiarity with compliance frameworks. Knowledge of Governance, Risk, and Compliance (GRC) and Audit practices and experience with ServiceNow is highly desirable. Exceptional communication skills, attention to detail, and leadership abilities are essential for success in this role.
*We're open to this position working remotely within the United States.
Responsibilities:
Serve as the primary point of contact for customer security inquiries and contract language reviews during the RFP, onboarding, and retention stages of the customer lifecycle, utilizing ServiceNow for ticketing and case management
Respond to customer security questionnaires, due diligence requests, and trust-related inquiries in a timely and accurate manner
Coordinate with internal stakeholders (Security, Legal, Sales, Engineering, etc.) to gather and validate information required for customer responses
Maintain accurate documentation of responses and ensure consistency across all customer-facing communications
Provide support during customer audits, certifications, or security assessments
Review and provide security and compliance focused feedback on data protection clauses, information security appendices, and regulatory obligations (e.g., SCCs, Schrems II) in customer contracts, Data Processing Agreements (DPAs), and Master Service Agreements (MSAs)
Collaborate with Legal and Security teams to negotiate or redline security clauses and ensure alignment with company standards and capabilities
Identify contractual risks and assist in developing mitigation strategies where necessary
Support internal teams in understanding and operationalizing contractual security obligations
Assist in mapping customer requirements to internal controls and policies
Support evidence gathering for internal or external audits and compliance initiatives
Contribute to maintaining customer trust documentation, such as SOC 2 reports, ISO certifications, and penetration test summaries
Collaborate in the development of training materials and resources and conduct training sessions for internal teams on customer trust and audit-related processes and requirements
Contribute to the development and implementation of audit readiness and response strategies
Escalate issues and challenges in a timely and effective manner
Qualifications:
Bachelor's degree in Cybersecurity, Information Systems, Business, or a related field, or equivalent experience
Minimum of five (5) years of experience in a security, audit, or trust-related role, preferably in telecommunications or technology
Familiarity with key security and privacy frameworks (e.g., ISO 27001, SOC 2, NIST, GDPR). Unified Compliance Framework (UCF) experience is a plus
Strong understanding of audit processes and compliance standards
Excellent organizational and project management skills
Strong written and verbal communication and interpersonal skills with cross-functional collaboration experience
Strong knowledge of regulatory frameworks (e.g., Telecom, GDPR, NIST) depending on industry
Exceptional analytical, investigative, and problem-solving skills
High integrity with the ability to handle confidential and sensitive information
Detail-oriented with a focus on accuracy and thoroughness
Ability to handle multiple priorities in a fast-paced environment
Preferred:
Experience reviewing or negotiating contract language related to security, privacy, and compliance, strongly preferred
Knowledge of GRC tools and methodologies
Industry certifications such as CISA, CIPP, or Security+ are a plus
Proficiency in Google Workspace (formerly G Suite), Microsoft 365/SharePoint, and ServiceNow
Expected Base Salary Range: $95,800 - $136,900 USD/annually
The base pay range shown is a guideline and reasonable estimate for this role. It takes into account the wide variety of factors that are considered in making compensation decisions. Actual compensation offered may vary from the posted range based upon geographic location, work experience, skill level, certifications, and other business and organizational needs. Non- sales roles may be eligible to participate in a discretionary annual incentive plan. Sales roles may be eligible to participate in a sales incentive plan.
Additionally, this position may be eligible for certain benefits, such as health insurance, life insurance, disability retirement plans, paid time off.
The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled.
Benefits, Rewards & Wellness
Excellent Health, Dental & Vision Insurance
Retirement 401(k) Savings Plan
Generous paid time off policy including paid parental leave
Zayo provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, provincial or local laws.
This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.
