The Security Risk and Compliance Lead provides technical direction for the risk management and compliance functions within the Information Security team. This person will conduct activities ranging from policy, auditing, and risk analysis to overall risk mitigation. This individual will also build, develop, and maintain relationships with our internal stakeholders and external vendors to help mature and enhance our enterprise-wide compliance with security.
Responsible for all activities within the security compliance and risk management lifecycle. These activities include: risk analysis, auditing, mitigation, and governance & policy.
Develop, update, and monitor compliance with information security policies designed to ensure the confidentiality, integrity, and availability of Cvent's systems and data.
Manage periodic independent security audits, i.e. ISO, PCI, SSAE16, SOX
Manage internal and client information security audits
Manage contract security terms and negotiation as needed
Oversee Cvent's Security Product as a Service program to ensure products are developed in compliance with security standards and practices
Oversee due diligence, auditing, and monitoring of vendors and suppliers
Oversee Cvent's periodic penetration tests and triage remediation for vulnerabilities identified
Lead efforts in developing/improving processes, procedures, and documentation for all aspects of security
Desired Candidate Profile
5+ years of Information Security or related technology experience, preferably in a SaaS Product environment
Relevant security knowledge and experience in two or more of the following areas: compliance, risk management, incident response, threat intelligence, network/host intrusion detection, security operations
Demonstrated experience helping an organization successfully complete independent compliance audits under PCI, SOX, etc.
Well-versed in recognized security industry standards and leading practices, i.e. ISO, PCI, NIST, CIS, FedRAMP
Advanced knowledge of network protocols and operating systems (Windows, Unix, Linux, Databases)
Bachelor's degree in Computer Science or Information Technology
CISSP or security-related certification is preferred
UG: B.Tech/B.E. - Any Specialization