Lead Analyst, Risk & Compliance

6 - 8 years

0 Lacs

Posted: 1 day ago | Platform: LinkedIn

Work Mode

On-site

Job Type

Full Time

Job Description

Overview

We are seeking a proactive, technically skilled Lead Analyst to join our Information Security Risk & Compliance team in Gurgaon. Ideal candidates have 6-8 years of experience in information security risk management and will primarily lead and mature Cvent’s Third-Party Risk (TPRM) program end-to-end. You will also provide secondary support across broader GRC activities, partnering with cross-functional teams to enable timely risk decisions and strengthen our overall posture. This is a hands-on role with significant stakeholder engagement and opportunity to drive measurable impact.

In This Role, You Will

Security Risk Management & Compliance

  • Enhance the Vendor Risk Assessment Program by maturing the assessment approach, monitoring processes and re-evaluation criteria, and by adopting a customized, AI-driven vendor security scorecard.
  • Perform third-party vendor security assessments, many of which focus on security controls for data and app integrations, AI tools, AI-related technologies (MCPs, LLMs, etc.), newer technologies, and SaaS tools.
  • Perform comprehensive technical risk assessments and compliance evaluations for internal projects, internal systems and Cvent products, many of which focus on AI systems and AI project implementations.
  • Support day-to-day security risk and compliance management tasks to support achievement of team objectives and an agile business climate.
  • Support development of technical and AI-driven solutions and processes to automate or streamline repeatable security risk assessment, audits and contract management.
  • Manage the end-to-end risk lifecycle, including risk identification, with a focus on identifying technical risk treatment plans in collaboration with cross-functional teams, recommending technical and process-based mitigations, and driving risk monitoring.
  • Establish and maintain day-to-day and management level reporting for Risk Assessments.
  • Lead and facilitate regional and global certification audits (e.g., ISO 27001, ISO 27701, SOC 2, PCI-DSS) by collecting evidence, implementing automated data aggregation processes, and tracking remediation efforts to ensure compliance.
  • Provide daily operational support for compliance initiatives, ensuring timely execution of projects and alignment with organizational security objectives.
  • Conduct identity and access control reviews to validate user permissions and enforce least privilege principles, including periodic review of AI agent and service account permissions.
  • Contribute to the development, refinement, and implementation of security policies, standards, and procedures, emphasizing automation-driven workflows and actionable reporting for enhanced efficiency and incorporating AI governance guidelines to ensure responsible use and transparency.
  • Leverage, fine-tune and maintain security automation tools (e.g., for automated control testing, workflow orchestration) to optimize risk management and compliance processes, reducing manual overhead and improving scalability.
  • Conduct customer contract reviews; partner with Sales and Legal to ensure contractual language is negotiated consistent with Cvent’s security policies, practices and capabilities.

Here's What You Need

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (Master’s preferred).
  • 6-8 years of experience in information security, with hands-on exposure to risk management, technology and vendor/supply chain security assessments, and audit and compliance.
  • Experience implementing security practices and controls from leading security standards and regulatory requirements for SaaS/cloud environments such as ISO 27001, SOC 2 Type II, PCI-DSS, and GDPR.
  • Familiarity with AI/ML risk management concepts and the secure adoption of automation in security processes.
  • Strong interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes.
  • Ability to learn quickly, with a willingness to take ownership of new projects and to learn new technologies and methodologies.
  • Experience using security automation tools (e.g., GRC platforms, automated evidence collection, workflow automation).
  • Strong analytical, problem-solving, and communication skills; able to explain technical concepts to both technical and non-technical audiences.
  • Collaborative, adaptable, and eager to learn in a fast-paced, global environment.

Good To Have

  • Understanding of AI/ML concepts, including model development, training, and deployment.
  • Familiarity with Generative AI (GenAI) risks, such as prompt injection, data leakage, model bias, and adversarial attacks.
  • Experience with AI guardrails, including input/output sanitization, audit trail logging, and model vulnerability scanning.
  • Knowledge of cloud security frameworks (e.g., AWS, Azure, GCP) for securing AI/ML deployments.
  • Experience integrating AI-powered tools into existing security and compliance workflows.
  • Ability to design scalable, automation-driven processes to reduce manual overhead.

Cvent

Software and Technology, Event Management

Tysons Corner
