Security Risk and Compliance Analyst
Cvent | Information Technology | Gurgaon, Haryana
The Security Risk and Compliance Analyst provides technical direction for the risk management and compliance functions within the Information Security team. This person will conduct activities ranging from policy, auditing, and risk analysis to overall risk mitigation. This individual will also build, develop, and maintain relationships with our internal stakeholders and external vendors to help mature and enhance our enterprise-wide security compliance.
- Responsible for all activities within the security compliance and risk management lifecycle. These activities include: risk analysis, auditing, mitigation, and governance & policy.
- Develop, update, and monitor compliance with information security policies designed to ensure the confidentiality, integrity, and availability of Cvent’s systems and data.
- Manage periodic independent security audits, e.g. ISO 27001, PCI DSS, SSAE 18
- Manage internal and client information security audits
- Manage contract security terms and negotiation as needed
- Oversee Cvent’s Security Product as a Service program to ensure products are developed in compliance with security standards and practices
- Oversee due diligence, auditing, monitoring, and third-party risk assessment (TPRA) of vendors and suppliers
- Oversee Cvent’s periodic penetration tests and triage remediation for vulnerabilities identified
- Lead efforts in developing and improving processes, procedures, and documentation for all aspects of security
- 3-5 years of Information Security or related technology experience, preferably in a SaaS Product environment
- Relevant security knowledge and experience in two or more of the following areas: audit, compliance, risk management, and GRC tools
- Demonstrated experience helping an organization successfully complete independent compliance audits under PCI, SOX, etc.
- Well-versed in recognized security industry standards and leading practices, e.g. ISO, PCI, NIST, CIS, FedRAMP
- Advanced knowledge of network protocols, operating systems (Windows, Unix, Linux), and databases
- Bachelor’s degree in Computer Science or Information Technology
- CISSP or security-related certification is preferred