As described by Monero Research Lab academic Shen Noether with regard to the anonymity set:

Monero (although the zcash proponents note that a ring signature is a "smaller" anonymity set, they usually don't mention that the stealth address factor actually means that each transaction is masked, whereas the ring signatures provide additional plausible deniability, furthermore, since keys appear in different ring signatures in different blocks in time, the anonymity set for when a given key is spent grows infinitely, and could eventually grow larger than the zcash anonymity set at any fixed instant in time) vs Zcash (anonymity set is the entire blockchain)

The above quote demonstrates that while a Monero ring signature may be a "smaller" anonymity set, stealth addresses mask the receivers identity while the ring signature guarantees plausible deniability. When RingCT is activated in January, 2017 the amount of Monero spent in each RingCT transaction will also become protected.

Zcash uses much newer zero-knowledge proof cryptography called zk-SNARKs. Thanks to zk-SNARKs nodes do not need to store signatures or public keys forever on the blockchain. All transaction data is completely private, including metadata which is encrypted:

Instead of publicly demonstrating spend-authority and transaction values, the transaction metadata is encrypted

Ring signatures are much older than zk-SNARKs and have had many years of extensive peer review. With RingCT, which combine Monero ring signatures and Confidential Transaction As developed for Bitcoin by Greg Maxwell Monero transaction amounts will be hidden and Kovri (I2P C++ implementation) will hide IP addresses. MRL has spend a lot of time researching RingCT and Monero now has funded an experienced full time I2P developer to work Kovri.

Perhaps the biggest security risk with Zcash is the possibility of collusion among those participating in the trusted setup. If all parties involved in the "trusted setup collude (either willingly or under duress) then there would become a possibility for the creation of an unlimited number of coins without detection. Zcash is so private that even the coin supply cannot be verified if the trusted setup described above fails.

Monero did not require a "trusted setup" and total coin supply is easily verifiable on the blockchain in real time. Therefore any exploit altering the Monero coin supply (other than ordinary coinbase transactions) would immediately be noticed.

More details on trustless vs trusted systems and the risks associated with a trusted setup can be found here. In the case of Zcash, only six people participated in the trusted setup process:

The ceremony used a multi-party computation protocol with the property that the resulting parameters are secure unless all of the participants were dishonest or compromised during the ceremony.

This setup process has been received a lot of criticism, and even some critique from one of the best known Zcash advisors, Vitalik Buterin but with a subsequent edit to clarify that he still thinks the risk of compromise is quite low:

I actually recommended a different process for the trusted setup - my preference was to not bother with the airgaps, DVDs, offline laptops, etc and make up for it by having 20-30 participants instead of six and make sure they come from different countries, backgrounds, etc. I got this instinct from my experience managing the ethereum foundation wallet - our original setup was 3-of-4 but had lots of fancy secret sharing, encryption, offline signing and other machinery on each device but at one point it nearly broke, and since then we're using a 4-of-7 hot wallet between online laptops, and I feel much more comfortable with the security of the latter. But these are only my views, not shared by everyone, and others of course have different opinions how the risks and benefits should be balanced. EDIT: just to be clear, I still personally think that the risks of the current setup having been compromised are quite low.

Peter Todd, one of the trusted setup participants was much more critical: