About the job:
- Cvent is a leading meetings, events, and hospitality technology provider with more than 4,800 employees and ~22,000 customers worldwide, including 53% of the Fortune 500.
- Founded in 1999, Cvent delivers a comprehensive event marketing and management platform for marketers and event professionals and offers software solutions to hotels, special event venues and destinations to help them grow their group/MICE and corporate travel business.
- Our technology brings millions of people together at events around the world.
- In short, we're transforming the meetings and events industry through innovative technology that powers human connection.
- The DNA of Cvent is our people, and our culture has an emphasis on fostering intrapreneurship - a system that encourages Cventers to think and act like individual entrepreneurs and empowers them to take action, embrace risk, and make decisions as if they had founded the company themselves.
- At Cvent, we value the diverse perspectives that each individual brings.
- Whether working with a team of colleagues or with clients, we ensure that we foster a culture that celebrates differences and builds on shared connections.
- Provide support for projects and operational tasks associated with Cvent's information security governance, risk management, and audit and compliance programs.
Customer Risk and Security Management (60%):
- Support the Sales process by diligently completing customer-initiated security due diligence and/or vendor security questionnaires.
- Participate in and lead customer-initiated security audits, including collection of security evidence, audit meetings, and gap remediation.
- Review security terms in customer contracts and negotiate the terms with customers and internal stakeholders.
- Present initiatives for improving the overall security support process of customers by introducing automation, new tooling, current process improvements and internal process refinements
Enterprise Risk and Security Management (40%):
- Lead the third-party/vendor security risk assessment process: monitor and report on progress of third-party/vendor security risk assessments, including product and API integrations and support services; actively monitor identified risks for resolution; initiate improvements to the current processes and reporting; keep the data sanitized in the databases for Vendor Security Assessments.
- Participate in internal security assessments and security reviews; conduct security risk analysis of business processes and technology solutions to evaluate whether they comply with internal security policies, industry frameworks, security best practices as well as regulatory / industry requirements.
- Support development of and monitor progress on security risk treatment plans by risk owners;
- Support regular risk and progress reporting to leadership stakeholders.
- Support annual security compliance audits (e.g., PCI DSS, SSAE 18/SOC 1/SOC 2, ISO 27001:2013, ISO 27701:2019, SOX).
- Support enhancement of overall security culture across Cvent; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and/or gaps in compliance
- 4-6 years of demonstrable experience in security risk management, auditing and compliance, with a focus on supporting security risk assessments and security audit and compliance activities.
- Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes.
- Ability to learn quickly, with a willingness to take ownership of new projects and learn new technologies and methodologies.
- Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, SSAE 18 SOC 1 / SOC 2 and SOX is desirable.
- Awareness of risk assessment methodologies and best practices.
- Ability and willingness to produce and maintain documentation and reports, specifically developing policies, standards, risk assessment reports, and other forms of Security Risk Management Program documentation.
- Proficiency with productivity and collaboration tools, such as Microsoft Office, Slack, Box, and Zoom
- Excellent presentation and written communications skills and a team-focused attitude.
- Possess or be actively seeking information security or IT audit certifications, such as CISSP, CISA, CISM, CRISC, or their equivalent.