Analyst, Risk and Compliance

About the role:

Provide support for projects and operational tasks associated with Cvent's information security governance, risk management, and audit and compliance programs

In This Role, You Will:

• Participate in internal security assessments and security reviews; conduct security risk analysis of business processes and technology solutions to evaluate whether they comply with internal security policies and standards as well as regulatory / industry requirements and security best practices
• Support development of and monitor progress on security risk treatment plans by risk owners; support regular risk and progress reporting to leadership stakeholders
• Support annual security compliance audits (e.g., PCI DSS, SSAE 18/SOC 1/SOC 2, ISO 27001:2013)
• Support the third-party/vendor security risk assessment process; monitor and report on progress of third-party/vendor security risk treatment activities by business owners
• Support the Sales process by participating in customer-initiated security due diligence and/or vendor qualification audits, reviewing security terms in customer contracts, and helping to respond to security questionnaires and documentation requests from customers
• Support development of technical solutions and processes to automate or streamline repeatable security risk assessment, audit, customer questionnaire response activities and workflows
• Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals
• Participate in improving the overall Security culture across Cvent; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and/or gaps in compliance

Heres What You Need:

• 14 years of demonstrable experience in security risk management, auditing and compliance, with a focus on supporting security risk assessments and security audit and compliance activities
• Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes
• Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies
• Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards
• Basic understanding of risk assessment methodologies and best practices
• Ability and willingness to produce and maintain documentation and reports, specifically developing policies, standards, risk assessment reports, and other forms of Security Risk Management Program documentation
• Proficiency with productivity and collaboration tools, such as Microsoft Office, Slack, Box, and Zoom
• Excellent presentation and written communications skills and a team-focused attitude
• Possess or actively seeking information security or IT audit certifications, such as CISSP, CISA, CISM CRISC, or their equivalent