About the role:
Provide support for projects and operational tasks associated with Cvent's information security governance, risk management, and audit and compliance programs
In This Role, You Will:
- Participate in internal security assessments and security reviews; conduct security risk analysis of business processes and technology solutions to evaluate whether they comply with internal security policies and standards as well as regulatory / industry requirements and security best practices
- Support development of and monitor progress on security risk treatment plans by risk owners; support regular risk and progress reporting to leadership stakeholders
- Support annual security compliance audits (e.g., PCI DSS, SSAE 18/SOC 1/SOC 2, ISO 27001:2013)
- Support the third-party/vendor security risk assessment process; monitor and report on progress of third-party/vendor security risk treatment activities by business owners
- Support the Sales process by participating in customer-initiated security due diligence and/or vendor qualification audits, reviewing security terms in customer contracts, and helping to respond to security questionnaires and documentation requests from customers
- Support development of technical solutions and processes to automate or streamline repeatable security risk assessment, audit, customer questionnaire response activities and workflows
- Assist with maintenance of information security program documentation consisting of information security policies, standards, and guidelines, and coordinating management ratification of policies and standards at regular intervals
- Participate in improving the overall Security culture across Cvent; contribute to employee security awareness campaigns and educational activities to address areas of potential risk and/or gaps in compliance
Heres What You Need:
- 1–4 years of demonstrable experience in security risk management, auditing and compliance, with a focus on supporting security risk assessments and security audit and compliance activities
- Good interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes
- Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies
- Good understanding of industry standards for compliance such as ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards
- Basic understanding of risk assessment methodologies and best practices
- Ability and willingness to produce and maintain documentation and reports, specifically developing policies, standards, risk assessment reports, and other forms of Security Risk Management Program documentation
- Proficiency with productivity and collaboration tools, such as Microsoft Office, Slack, Box, and Zoom
- Excellent presentation and written communications skills and a team-focused attitude
- Possess or actively seeking information security or IT audit certifications, such as CISSP, CISA, CISM CRISC, or their equivalent
