Security Risk & Compliance Analyst

Role & responsibilities

Security Analyst, Risk & Compliance

Job Description

Cvents global information security organization is seeking to hire a Security Analyst to join its Security Risk and Compliance team. The role will provide support for information security governance, risk management, and audit and compliance activities across Cvent.

What You Will Be Doing

Provide support for projects and operational tasks associated with Cvents information security governance, risk management, and audit and compliance programs. Duties will include, but may not be limited to:

• Plan and execute SOC 1 and SOC 2 audits, including defining audit scope, objectives, and methodologies.
• Conduct detailed testing of internal controls related to IT systems & Infrastructure.
• Prepare comprehensive reports/documents summarizing findings, including control deficiencies and recommendations for remediation.
• Ensure audits are conducted in compliance with relevant standards, including AICPA guidelines, and applicable regulatory requirements.
• Stay up-to-date with changes in SOC standards, industry best practices, and emerging risks.
• Perform testing of IT general controls on ICFR
• Support annual security compliance and regulatory audits (e.g., PCI DSS, ISO 27001:2013, ISO 27701, TXRAMP etc).
• Should be able to perform effective Risk Management of IT systems and processes, ensuring compliance with regulatory standards and mitigating potential security threats.
• Support the third-party/vendor security risk assessment process; monitor and report on progress of third-party/vendor security risk treatment activities by business owners.
• Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals.
• Participate in improving the overall Security culture across Cvent; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and/or gaps in compliance.

What You Need for this Position

• 4-8 years of demonstrable experience in security risk management, auditing and compliance, with a focus on supporting security risk assessments and security audit and compliance activities.
• Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes.
• Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies.
• Strong understanding of SOC 1 and SOC 2 frameworks and requirements.
• Proficiency in auditing principles, internal controls, and risk management.
• Good understanding of industry standards for compliance such as ISO 27001:2013, ISO 27701, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards.
• Basic understanding of risk assessment methodologies and best practices.
• Ability and willingness to produce and maintain documentation and reports, specifically developing policies, standards, risk assessment reports, and other forms of Security Risk Management Program documentation.
• Proficiency with productivity and collaboration tools, such as Microsoft Office, Slack, Box, and Zoom.
• Excellent presentation and written communications skills and a team-focused attitude.
• Possess or actively seeking information security or IT audit certifications, such as CISSP, CISA, CISM CRISC, or their equivalent.