Recent successful cybersecurity attacks have exploited trust to compromise organizational information systems. Scholars and practitioners agree that the issue originates from the organizational perimeter security approach, within which perimeter trust is assumed. To improve the situation, building security principles on the idea that trust is not inherent but earned has been proposed, coined as Zero Trust. However, the current discussions spearheaded by technology-minded practitioners have focused mostly on trust at the network security and architecture levels, largely omitting the organizational aspects of security. To address this gap, we build on socio-technical approach and maturity models to develop a novel artifact with security experts, addressing the need for organizational Zero Trust through the Extended Zero Trust Maturity Model. Our research contributes to discussions on holistic information security management by extending the principles of Zero Trust from technical into socio-technical approach and responds to calls to reconsider foundational assumptions of IS security.