Cvent - Senior Analyst - Risk & Compliance (1-2 yrs)

Cvent is a leading meetings, events, and hospitality technology provider with more than 4,800 employees and ~22,000 customers worldwide, including 53% of the Fortune 500.

Founded in 1999, Cvent delivers a comprehensive event marketing and management platform for marketers and event professionals and offers software solutions to hotels, special event venues and destinations to help them grow their group/MICE and corporate travel business.

Our technology brings millions of people together at events around the world.

In short, we're transforming the meetings and events industry through innovative technology that powers human connection.

The DNA of Cvent is our people, and our culture has an emphasis on fostering intrapreneurship - a system that encourages Cventers to think and act like individual entrepreneurs and empowers them to take action, embrace risk, and make decisions as if they had founded the company themselves.

At Cvent, we value the diverse perspectives that each individual brings.

Whether working with a team of colleagues or with clients, we ensure that we foster a culture that celebrates differences and builds on shared connections.

About the role:

- Cvent's global information security organization is seeking to hire a Security Analyst to join its Security Risk and Compliance team.

- The role will provide support for information security governance, risk management, and audit and compliance activities across Cvent.

What You Will Be Doing:

- Provide support for projects and operational tasks associated with Cvent's information security governance, risk management, and audit and compliance programs.

Duties will include, but may not be limited to:

- Plan and execute SOC 1 and SOC 2 audits, including defining audit scope, objectives, and methodologies.

- Conduct detailed testing of internal controls related to IT systems & Infrastructure.

- Prepare comprehensive reports/documents summarizing findings, including control deficiencies and recommendations for remediation.

- Ensure audits are conducted in compliance with relevant standards, including AICPA guidelines, and applicable regulatory requirements.

- Stay up-to-date with changes in SOC standards, industry best practices, and emerging risks.

- Perform testing of IT general controls on ICFR.

- Support annual security compliance and regulatory audits (e.g, PCI DSS, ISO 27001:2013, ISO 27701, TXRAMP etc).

- Should be able to perform effective Risk Management of IT systems and processes, ensuring compliance with regulatory standards and mitigating potential security threats.

- Support the third-party/vendor security risk assessment process; monitor and report on progress of third-party/vendor security risk treatment activities by business owners.

- Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals.

- Participate in improving the overall Security culture across Cvent; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and/or gaps in compliance.

What You Need for this Position:

- 4-8 years of demonstrable experience in security risk management, auditing and compliance, with a focus on supporting security risk assessments and security audit and compliance activities.

- Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes.

- Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies.

- Strong understanding of SOC 1 and SOC 2 frameworks and requirements.

- Proficiency in auditing principles, internal controls, and risk management.

- Good understanding of industry standards for compliance such as ISO 27001:2013, ISO 27701, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards.

- Basic understanding of risk assessment methodologies and best practices.

- Ability and willingness to produce and maintain documentation and reports, specifically developing policies, standards, risk assessment reports, and other forms of Security Risk Management Program documentation.

- Proficiency with productivity and collaboration tools, such as Microsoft Office, Slack, Box, and Zoom.

- Excellent presentation and written communications skills and a team-focused attitude.

- Possess or actively seeking information security or IT audit certifications, such as CISSP, CISA, CISM CRISC, or their equivalent.