Lead Analyst, Risk & Compliance

Overview

We are seeking a proactive, technically skilled Lead Analyst to join our Information Security Risk & Compliance team in Gurgaon. Ideal candidates have 6-8 years of experience in information security risk management and will primarily lead and mature Cvent's Third-Party Risk (TPRM) program end-to-end. You will also provide secondary support across broader GRC activities, partnering with cross-functional teams to enable timely risk decisions and strengthen our overall posture. This is a hands-on role with significant stakeholder engagement and opportunity to drive measurable impact.

In This Role, You Will

Security Risk Management & Compliance

• Enhance the Vendor Risk Assessment Program to mature assessment approach, monitoring processes, re-evaluation criteria and adopt a customized and AI-driven vendor security score card.
• Perform third-party vendor security assessments, many of which focus on security controls for data and app integrations, AI tools, AI related technologies (MCPs, LLMs etc), newer technologies, and SAAS tools.
• Perform comprehensive Technical Risk assessments and compliance evaluations for internal projects, internal systems, Cvent products, many of which focus on AI systems and AI project implementations.
• Support day-to-day security risk and compliance management tasks to support achievement of team objectives and an agile business climate.
• Support development of technical and AI-driven solutions and processes to automate or streamline repeatable security risk assessment, audits and contract management.
• Manage the end-to-end risk lifecycle, including risk identification, and a focus on identifying technical risk treatment plans in collaboration with cross functional teams to recommend technical- and process-based mitigations and drive risk monitoring.
• Establish and maintain day-to-day and management level reporting for Risk Assessments.
• Lead and facilitate regional and global certification audits (e.g., ISO 27001, ISO 27701, SOC 2, PCI-DSS) by collecting evidence, implementing automated data aggregation processes, and tracking remediation efforts to ensure compliance.
• Provide daily operational support for compliance initiatives, ensuring timely execution of projects and alignment with organizational security objectives.
• Conduct identity and access control reviews to validate user permissions and enforce least privilege principles, including periodic review of AI agent and service account permissions.
• Contribute to the development, refinement, and implementation of security policies, standards, and procedures, emphasizing automation-driven workflows and actionable reporting for enhanced efficiency and incorporating AI governance guidelines to ensure responsible use and transparency.
• Leverage, fine-tune and maintain security automation tools (e.g., for automated control testing, workflow orchestration) to optimize risk management and compliance processes, reducing manual overhead and improving scalability.
• Conduct customer contract reviews; partner with Sales and Legal to ensure contractual language is negotiated consistent with Cvent's security policies, practices and capabilities

Here's What You Need

Good To Have

Skills Required

Risk Management, Gdpr, Iso 27001, Information Security