Senior Analyst, Risk & Compliance

Overview: Cvent is a leading meetings, events, and hospitality technology provider with more than 4,800 employees and ~22,000 customers worldwide, including 53% of the Fortune 500. Founded in 1999, Cvent delivers a comprehensive event marketing and management platform for marketers and event professionals and offers software solutions to hotels, special event venues and destinations to help them grow their group/MICE and corporate travel business. Our technology brings millions of people together at events around the world. In short, we re transforming the meetings and events industry through innovative technology that powers human connection. The DNA of Cvent is our people, and our culture has an emphasis on fostering intrapreneurship - a system that encourages Cventers to think and act like individual entrepreneurs and empowers them to take action, embrace risk, and make decisions as if they had founded the company themselves. At Cvent, we value the diverse perspectives that each individual brings. Whether working with a team of colleagues or with clients, we ensure that we foster a culture that celebrates differences and builds on shared connections. In This Role, You Will: Provide support for projects and operational tasks associated with Cvent s information security governance, risk management, and audit and compliance programs. Duties will include, but may not be limited to: Participate in internal security assessments and security reviews; conduct security risk analysis of business processes and technology solutions to evaluate whether they comply with internal security policies and standards as well as regulatory / industry requirements and security best practices. Support development of and monitor progress on security risk treatment plans by risk owners; support regular risk and progress reporting to leadership stakeholders. Support annual security compliance audits (e.g., PCI DSS, SSAE 18/SOC 1/SOC 2, ISO 27001:2013). Support the third-party/vendor security risk assessment process; monitor and report on progress of third-party/vendor security risk treatment activities by business owners. Support the Sales process by participating in customer-initiated security due diligence and/or vendor qualification audits, reviewing security terms in customer contracts, and helping to respond to security questionnaires and documentation requests from customers. Support development of technical solutions and processes to automate or streamline repeatable security risk assessment, audit, customer questionnaire response activitities and workflows. Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals. Participate in improving the overall Security culture across Cvent; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and/or gaps in compliance. Heres What You Need: 3-6 years of demonstrable experience in security risk management, auditing and compliance, with a focus on supporting security risk assessments and security audit and compliance activities. Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes. Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies. Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards. Basic understanding of risk assessment methodologies and best practices. Ability and willingness to produce and maintain documentation and reports, specifically developing policies, standards, risk assessment reports, and other forms of Security Risk Management Program documentation. Proficiency with productivity and collaboration tools, such as Microsoft Office, Slack, Box, and Zoom. Excellent presentation and written communications skills and a team-focused attitude. Possess or actively seeking information security or IT audit certifications, such as CISSP, CISA, CISM CRISC, or their equivalent.