Responsibilities

We are looking for an exceptional Senior GRC Analyst to join our growing team. In this role, you will lead compliance assessments for frameworks such as NIST 800-171, ISO 27001, NIST 800-53 (FedRAMP), PCI, MLPS and IRAP, while also driving broader security compliance efforts. The ideal candidate will use strong analytical, communication, and problem-solving skills to evaluate controls, identify gaps, and recommend improvements across security domains. You will also be responsible for:

• Lead and participate in both internal and external audits for frameworks including ISO 27001/27701, PCI-DSS, NIST 800-171, NIST 800-53 (FedRamp), and IRAP

• Experience using or exploring AI/automation tools to enhance, streamline, or scale Governance, Risk, and Compliance (GRC) processes and workflows

• Manage and oversee risk, compliance, and governance initiatives across teams

• Coordinate with process owners, control owners, auditors, and consultants to ensure findings are tracked and addressed

• Conduct risk assessments, security audits, and third-party/vendor risk reviews

• Review contracts to ensure security and compliance requirements are met

• Identify process gaps and recommend improvements to enhance the organization’s security posture

• Communicate risks and compliance requirements clearly to both technical and non-technical stakeholders

• Perform regular user access reviews

• Develop and track remediation plans for identified risks and issues

• Maintain and update the risk register

• Oversee vendor security assurance processes

• Collaborate with stakeholders to design and implement effective internal controls aligned with regulatory standards

• Support risk and security discussions across cross-functional teams

• Build strong working relationships across departments

• Take on additional responsibilities as needed

Requirements

Qualifications / Experience / Technical Skills

Please note that the working hours for this position are from 2:00 PM to 11:00 PM IST (overlap with U.S. Pacific Time required)

• 8+ years of experience in cybersecurity programs, audits, risk management, compliance, or remediation

• Experience working with cloud platforms such as AWS, Azure, or Google Cloud

• Proven ability to negotiate and prioritize risk remediation with internal stakeholders

• Bachelor’s degree in Information Systems, Computer Science, Information Security, or a related field

• Strong understanding of security controls, including cloud environments, firewalls, IDS/IPS, and vulnerability management

• Familiarity with NIST 800-171 and NIST Risk Management Framework (NIST 800-53)

• Experience auditing frameworks such as PCI-DSS, SOC 2, and ISO 27001/27701

• Relevant certifications (CISSP, CISA, PCI ISA, ISO, or similar) are preferred

• Ability to manage multiple priorities independently with minimal supervision

Soft Skills / Personal Characteristics

• Strong communication skills with the ability to translate compliance requirements into technical actions

• High energy and adaptability in a fast-paced environment

• Strong collaboration and a knowledge-sharing mindset

• Excellent time management and organizational skills

• High attention to detail, integrity, and ethical standards

• Willingness to learn and take on new challenges

Additional requirements

• May involve some international travel

• This position requires overlap with U.S. Pacific Time (PST) working hours. Candidates should be available and flexible to work from 2:00 PM to 11:00 PM IST.

• Strong hands-on experience with PCI audits, ISO 27001, NIST 800-171, FedRamp, SOC 2, and potentially IRAP is required.

To help your application stand out, please take time to answer the Job Application Questions below clearly and concisely. All submissions are reviewed by our Hiring Team, not evaluated by AI.

(REQ ID: 2760)

Role Overview:

The IT SOX Director is responsible for the end‑to‑end ownership of the SOX compliance program, covering IT General Controls (ITGCs), IT Application Controls (ITACs), automated controls, and Business / Financial Reporting SOX. This role partners closely with Information Security, IT, and Finance to ensure effective control design, testing, remediation, and continuous improvement in support of SOX Sections 302 and 404.

Key Responsibilities:

1. IT SOX Program Leadership & Strategy:

• Own and lead the end‑to‑end IT and Financial Reporting SOX program, ensuring effective design, operating effectiveness, remediation, and continuous improvement.
• Oversee SOX compliance for:
• IT General Controls (ITGCs), IT application controls, and automated controls across existing and new systems supporting financial reporting.
• Lead financial reporting risk assessments to determine SOX scope for new or changed business processes

1. Risk Assessment, Scoping & Control Design

• Lead annual and ongoing IT risk assessments to determine SOX scope for existing systems, new applications, platforms and technology changes
• Lead annual and ongoing risk assessments to determine SOX scope for existing and new financial reporting process; Manage the review of design and operating effectiveness of the process

1. SOX Testing Oversight & Issue Management:

• Oversee the design and operating effectiveness reviews of:
• ITGCs and ITACs across scoped systems and platforms
• Business and financial reporting controls across in‑scope processes
• Direct and guide the team through all phases of SOX testing, including planning, walkthroughs, testing, review, and reporting.

• Perform quality reviews of testing results to ensure accuracy, completeness, and audit readiness, and drive timely completion of in‑house SOX testing.
• Prepare IT and business process owners for external SOX audits, walkthroughs, and inquiries.
• Review SOC 1 Type II reports, assess control implications, and coordinate discussions with relevant process owners including Complementary User Entity Controls.
• Support identification, evaluation, and remediation of SOX deficiencies in partnership with stakeholders.

1. Audit & Stakeholder Management

• Coordinate and support external auditor requests, including walkthroughs, evidence submission, and issue resolution.
• Build strong working relationships with IT, Engineering, Information Security, and Finance Controllers to ensure smooth SOX execution.

1. Process Improvement, Automation & Transformation

• Identify and implement opportunities to automate IT and SOX controls, reduce manual effort, and increase auditor reliance.
• Drive standardization and quality of SOX documentation, including process flows, Risk & Control Matrices (RCMs), system diagrams, and role matrices.
• Promote continuous improvement through effective use of SOX tools, GRC platforms, AI tools, and data analytics. 

1. Team Leadership & Talent Development

• Lead, coach, and mentor the in‑house SOX team, fostering technical excellence and accountability.
• Set clear performance expectations, review work quality, and develop a high‑performing compliance culture.
• Support capability building and succession planning within the SOX function. 

1. Regulatory & Industry Awareness

• Stay current with SOX, PCAOB, COSO, and IT risk management standards, including emerging focus areas (eg: AI)
• Monitor regulatory developments and proactively adapt the SOX program to meet changing expectations

Skills required:

• Strong working knowledge of ITGC, ITAC, Key data reporting testing and financial reporting SOX
• Ability to interpret and leverage SOC 1 / SOC 2 reports, including evaluation of CUECs and sub‑service organizations
• Strong working knowledge on SOX scoping for IT applications/platforms and financial reporting process
• Strong understanding of COSO Internal Control Framework and alignment of IT controls to financial reporting risks
• Solid understanding of IT environments including ERP systems, cloud platforms, dev Ops, change pipeline and cloud controls
• Proven ability to lead, coach, and manage inhouse SOX teams
• Clear, concise communication of IT and financial reporting risks and control issues to senior management and audit committee

Education Qualification required:

• CA/CPA/IT or MBA Engineering graduates/Certified Information System Auditor/ with 10 to 15 years of IT SOX experience. The candidate should also possess reasonable business SOX experience.
• In-depth expertise in the COSO framework, PCAOB standards, and IT control environments.
• Demonstrated success leading large-scale, complex SOX programs within public company settings.
• Strong ability to engage and influence senior leadership and external auditors.

Company Summary

Zeta Global is a data-powered marketing technology company with a heritage of innovation and industry leadership. Founded in 2007 by entrepreneur David A. Steinberg and John Sculley, former CEO of Apple Inc and Pepsi-Cola, the Company combines the industry’s 3rd largest proprietary data set (2.4B+ identities) with Artificial Intelligence to unlock consumer intent, personalize experiences and help our clients drive business growth.

Our technology runs on the Zeta Marketing Platform, which powers ‘end to end’ marketing programs for some of the world’s leading brands. With expertise encompassing all digital marketing channels – Email, Display, Social, Search and Mobile – Zeta orchestrates acquisition and engagement programs that deliver results that are scalable, repeatable and sustainable.

Zeta Global is an Equal Opportunity/Affirmative Action employer and does not discriminate on the basis of race,

gender, ancestry, color, religion, sex, age, marital status, sexual orientation, gender identity, national origin, medical condition, disability, veterans status, or any other basis protected by law.

Pursuant to the San Francisco Fair Chance Ordinance, we will consider for employment qualified applicants with arrest and conviction records.

Zeta Global Recognized in Enterprise Marketing Software and Cross-Channel Campaign Management Reports by Independent Research Firm.

https://www.forbes.com/sites/shelleykohan/2024/06/1G/amazon-partners-with-zeta-global-to-deliver- gen-ai-marketing-automation/

https://www.cnbc.com/video/2024/05/06/zeta-global-ceo-david-steinberg-talks-ai-in-focus-at-milken- conference.html

https://www.businesswire.com/news/home/20240G04622808/en/Zeta-Increases-3Q%E2%80%GG24-Guidance

https://www.prnewswire.com/news-releases/zeta-global-opens-ai--data-labs-in-san-francisco-and-nyc- 300S45353.html

https://www.prnewswire.com/news-releases/zeta-global-recognized-in-enterprise-marketing-software-and-cross-channel-campaign-management-reports-by-independent-research-firm-300S38241.html

Responsibilities

We are looking for an exceptional Senior Automation Engineer to join our growing team. Embedded within the Product organization, you will lead the design and delivery of AI-powered automations that eliminate inefficiencies, amplify productivity, and enable our Product and Security teams to focus on high-value work and deliver meaningful business outcomes.

In this role, you will also be responsible to:

• Build AI-powered automation solutions. Design, implement, and maintain scalable, AI-driven automations that meaningfully improve productivity and efficiency across Product and Security processes.

• Drive process excellence. Identify and eliminate inefficiencies in Product and Security workflows, document best practices, and establish standards that support long-term operational health.

• Collaborate with stakeholders. Lead and participate in discovery and solution design sessions with Product and Security teams, ensuring automations are tightly aligned with business goals and user needs.

• Champion AI adoption. Actively explore and integrate AI capabilities into automation workflows, staying at the forefront of what's possible with tools like Workato and emerging AI technologies.

• Share knowledge. Document solutions, processes, and best practices to support team learning, onboarding, and ongoing maintenance.

• Invest in growth. Dedicate time to self-directed learning and research to stay current with AI and automation trends, continuously deepening your technical expertise.

• Develop the team. Mentor and guide junior engineers, fostering a culture of technical excellence, AI curiosity, and continuous improvement.

Requirements

Qualifications / Experience / Technical Skills

Required

• A background in information systems, computer science, engineering, or equivalent industry experience.
• 6+ years of experience in software engineering or technical consulting roles, with a focus on Workato or other integration platforms
• Ability to define and create architectures that are scalable and extensible, according to business requirements, environments, and limitations, adhering to standards, best practices
• Experience in enterprise integration tools like Workato, Mulesoft, Snaplogic, Deel Boomi, Oracle Integration Cloud, Tibco etc.
• Working experience with RESTful APIs, OAuth authentication, policies, api management, etc.
• Working experience with SQL in any RDBMS.
• Experience with Gen AI, such as OpenAI, Anthropic, and others, and Vector databases
• Experience working on projects using agile methodologies and experience in product management tools such as Jira 
• Experience building software and designing distributed solutions.
• Ability to work in the EMEA timezone (2pm to 11pm IST)

Ideal

• Experience in security and grc automations
• Experience in incident and change management processesExperience with AWS basic administration
• Experience in implementing integration projects involving complex enterprise systems (e.g., SAP, Oracle, Dynamics) and cloud business apps (e.g., Workday, NetSuite, Salesforce).
• Coding experience in Java/Python/Ruby, with knowledge of SOAP/XML, is considered a plus.
• Understanding of security best practices for integration and data handling.
• Experience in user experience (UX) design is a plus.

Soft Skills / Personal Characteristics

• Strong written and oral communication skills in English, enabling effective communication of complex technical concepts to diverse audiences.
• Technologically adept and quick to grasp new systems and concepts
• Collaborative team player with a proactive mindset, always seeking continuous improvement opportunities.
• Adaptability to thrive in a dynamic startup environment, coupled with proactive, outside-the-box thinking.
• Strong analytical and problem-solving skills.

(REQ ID: 2632)

We are seeking a highly motivated, detail-oriented, and proactive Senior IT Compliance Analyst to support Yext’s security assurance activities with customers, vendors, and internal teams. This role is responsible for responding to product security-related questions, completing security assessments and audit inquiries, and reviewing security and contract language to ensure compliance with Yext’s standards.

The ideal candidate will collaborate closely with Legal, Sales, and Security teams to ensure accurate, timely, and customer-focused responses while maintaining a strong compliance posture. They will bring deep knowledge of security frameworks, exceptional communication skills, and the ability to partner across business and technical teams to strengthen the organization’s overall security posture.

What You'll Do

Governance

• Contribute to the development and maintenance of IT & Security policies, standards, and controls.
• Support the annual control attestation process and provide the required evidence.
• Measure, track, and report on security metrics and key performance indicators (KPIs).
• Ensure ongoing alignment with regulatory and industry compliance requirements (e.g., SOC 2, HIPAA, GDPR, NIS2).
• Support responses to cyber insurance questionnaires by leveraging existing security controls, certifications, and policies.

Risk & Compliance Management

• Conduct risk assessments across systems, applications, and vendors, documenting and tracking outcomes.
• Collaborate with IT, Legal, and Security teams to design and implement mitigation strategies.
• Maintain a centralized repository of standardized security questionnaire responses and keep them current with implemented controls.
• Manage responses to client questionnaires and third-party audit inquiries with accuracy and professionalism.
• Serve as a key point of contact for clients, auditors, and external stakeholders on security-related matters.
• Prepare and provide audit-ready evidence for internal and external audits (SOC 2, SOX, ISO 27001, etc.).
• Partner with control owners to create and track corrective action plans, ensuring timely remediation.
• Identify and implement process improvements to increase efficiency in audit preparation, risk assessments, and responses.
• Provide actionable recommendations to management on enhancing security and compliance practices.

What You Have

• Bachelor’s degree in Information Security, Cybersecurity, Computer Science, Engineering, or related field; or equivalent experience.
• 5+ years of experience in information security, with a strong focus on audit and compliance management.
• Demonstrated experience conducting risk and compliance assessments.
• Proven success in managing client security questionnaires and third-party audits.
• Familiarity with industry and regulatory compliance frameworks (SOC 2, SOX, ISO 27001, NIST CSF, HIPAA, GDPR).
• Experience with GRC tools and technologies (e.g., OneTrust, SecurityScorecard, Bitsight, Archer, or similar).
• Advanced written and verbal communication skills, with the ability to engage confidently with executives, clients, and auditors.
• Professional certifications such as CISA, CRISC, CISM, CISSP, or CDPSE preferred.

Bonus Points

• Governance & Compliance Expertise – Deep knowledge of regulatory and industry frameworks (SOC 2, SOX, ISO 27001, NIST CSF, HIPAA, GDPR, NIST AI RMF).
• Risk Management – Ability to evaluate risks and support effective remediation strategies.
• Audit & Assessment Skills – Skilled in managing and supporting audits, assessments, and assurance activities.
• Client & Stakeholder Engagement – Strong ability to build trust and deliver timely, accurate responses.
• Communication – Excellent written and verbal skills; able to present technical issues clearly to non-technical audiences and executives.
• Cross-Functional Collaboration – Works effectively across IT, Security, Legal, and business teams.
• Project & Time Management – Strong organizational skills with the ability to balance multiple priorities.
• Continuous Improvement – Identifies opportunities to streamline assurance and compliance processes.
• Technical Acumen – Familiarity with GRC platforms (e.g., OneTrust, SecurityScorecard, Bitsight, Archer) and security tooling.
• Leadership & Influence – Capable of guiding stakeholders and influencing decisions.

Perks and Benefits

At Yext, we take pride in our diverse workforce and prioritize creating an engaged and connected working environment. Our ambitious mission is to transform the enterprise with AI search, and we know that to achieve that, we need a global team of innovators, visionary thought leaders, and enthusiastic collaborators passionate about making a meaningful impact in the world and contributing to an extraordinary culture.

We believe that people do their best when they feel their best — and to feel their best, they must be well-informed, fuelled, and rested. To ensure our employees are at their best, we offer a wide range of benefits and perks, including:

• Performance-Based Compensation: We offer an attractive bonus structure and stock options for eligible positions.
• Comprehensive Leave Package: Our leave package includes Paid Time Off (PTO), Parental Leave, Sick Leave, Casual Leave, Bereavement Leave, National Holidays, and Floating Holidays to ensure a healthy work-life balance.
• Health & Wellness Offerings: We provide medical insurance with 7L coverage, including enhanced parental and outpatient department (OPD) coverage for you, your spouse, two dependent children, and two parents (as applicable and subject to eligibility requirements).
• Relocation Benefits: We offer relocation assistance and an allowance to eligible candidates to help ease your transition.
• World-Class Office & Building Amenities: Our office has a top-notch infrastructure, including gaming rooms, a plush pantry, and breakout areas.

#LI-RK1