Risk & Compliance Analyst

Company Description

Zayo provides mission-critical bandwidth to the world's most impactful companies, fueling the innovations that are transforming our society. Zayo's 141,000-mile network in North America and Europe includes extensive metro connectivity to thousands of buildings and data centers. Zayo's communications infrastructure solutions include dark fiber, private data networks, wavelengths, Ethernet, and dedicated Internet access. Zayo serves wireless and wireline carriers, media, tech, content, finance, healthcare and other large enterprises.

Zayo is seeking a Risk & Compliance Analyst to serve as the key liaison between our Security organization and our customers, focusing on responding to security-related customer inquiries and conducting contract reviews from a security, privacy, and compliance perspective. Our Risk & Compliance Analyst will directly support Zayo's mission to maintain customer trust, protect Zayo's security and compliance posture within contractual obligations, and demonstrate transparency in how we manage and protect data. Our ideal Risk & Compliance Analyst will have a strong background in compliance, risk management, audit, and customer experience within a regulated environment.

This role requires strong communication skills, an understanding of security principles, and familiarity with compliance frameworks. Knowledge of Governance, Risk, and Compliance (GRC) and Audit practices and experience with ServiceNow is highly desirable. Exceptional communication skills, attention to detail, and leadership abilities are essential for success in this role.

*We're open to this position working remotely within the United States.

Responsibilities:

• Serve as the primary point of contact for customer security inquiries and contract language reviews during the RFP, onboarding, and retention stages of the customer lifecycle, utilizing ServiceNow for ticketing and case management

• Respond to customer security questionnaires, due diligence requests, and trust-related inquiries in a timely and accurate manner

• Coordinate with internal stakeholders (Security, Legal, Sales, Engineering, etc.) to gather and validate information required for customer responses

• Maintain accurate documentation of responses and ensure consistency across all customer-facing communications

• Provide support during customer audits, certifications, or security assessments

• Review and provide security and compliance focused feedback on data protection clauses, information security appendices, and regulatory obligations (e.g., SCCs, Schrems II) in customer contracts, Data Processing Agreements (DPAs), and Master Service Agreements (MSAs)

• Collaborate with Legal and Security teams to negotiate or redline security clauses and ensure alignment with company standards and capabilities

• Identify contractual risks and assist in developing mitigation strategies where necessary

• Support internal teams in understanding and operationalizing contractual security obligations

• Assist in mapping customer requirements to internal controls and policies

• Support evidence gathering for internal or external audits and compliance initiatives

• Contribute to maintaining customer trust documentation, such as SOC 2 reports, ISO certifications, and penetration test summaries

• Collaborate in the development of training materials and resources and conduct training sessions for internal teams on customer trust and audit-related processes and requirements

• Contribute to the development and implementation of audit readiness and response strategies

• Escalate issues and challenges in a timely and effective manner

Qualifications:

• Bachelor's degree in Cybersecurity, Information Systems, Business, or a related field, or equivalent experience

• Minimum of five (5) years of experience in a security, audit, or trust-related role, preferably in telecommunications or technology

• Familiarity with key security and privacy frameworks (e.g., ISO 27001, SOC 2, NIST, GDPR). Unified Compliance Framework (UCF) experience is a plus

• Strong understanding of audit processes and compliance standards

• Excellent organizational and project management skills

• Strong written and verbal communication and interpersonal skills with cross-functional collaboration experience

• Strong knowledge of regulatory frameworks (e.g., Telecom, GDPR, NIST) depending on industry

• Exceptional analytical, investigative, and problem-solving skills

• High integrity with the ability to handle confidential and sensitive information

• Detail-oriented with a focus on accuracy and thoroughness

• Ability to handle multiple priorities in a fast-paced environment

Preferred:

• Experience reviewing or negotiating contract language related to security, privacy, and compliance, strongly preferred

• Knowledge of GRC tools and methodologies

• Industry certifications such as CISA, CIPP, or Security+ are a plus

• Proficiency in Google Workspace (formerly G Suite), Microsoft 365/SharePoint, and ServiceNow

Expected Base Salary Range: $95,800 - $136,900 USD/annually

The base pay range shown is a guideline and reasonable estimate for this role. It takes into account the wide variety of factors that are considered in making compensation decisions. Actual compensation offered may vary from the posted range based upon geographic location, work experience, skill level, certifications, and other business and organizational needs. Non- sales roles may be eligible to participate in a discretionary annual incentive plan. Sales roles may be eligible to participate in a sales incentive plan.

Additionally, this position may be eligible for certain benefits, such as health insurance, life insurance, disability retirement plans, paid time off.

The posting will be active for a minimum of 3 days. The active posting will continue to extend by 3 days until the position is filled.

Benefits, Rewards & Wellness

• Excellent Health, Dental & Vision Insurance

• Retirement 401(k) Savings Plan

• Generous paid time off policy including paid parental leave

Zayo provides equal employment opportunities to all employees and applicants for employment and prohibits discrimination and harassment of any type without regard to race, color, religion, age, sex, national origin, disability status, genetics, protected veteran status, sexual orientation, gender identity or expression, or any other characteristic protected by federal, state, provincial or local laws.

This policy applies to all terms and conditions of employment, including recruiting, hiring, placement, promotion, termination, layoff, recall, transfer, leaves of absence, compensation and training.