Lead Analyst, Risk

11 hours ago


Gurugram, India Cvent Full time

Overview:

We are seeking a proactive, technically skilled Lead Analyst to join our Information Security Risk & Compliance team in Gurgaon. Ideal candidates have 6–8 years of experience in information security risk management and will primarily lead and mature Cvent’s Third-Party Risk (TPRM) program end-to-end. You will also provide secondary support across broader GRC activities, partnering with cross-functional teams to enable timely risk decisions and strengthen our overall posture. This is a hands-on role with significant stakeholder engagement and opportunity to drive measurable impact.

In This Role, You Will:

Security Risk Management & Compliance

  • Enhance the Vendor Risk Assessment Program to mature assessment approach, monitoring processes, re-evaluation criteria and adopt a customized and AI-driven vendor security score card.
  • Perform third-party vendor security assessments, many of which focus on security controls for data and app integrations, AI tools, AI related technologies (MCPs, LLMs etc.), newer technologies, and SaaS tools.
  • Perform comprehensive Technical Risk assessments and compliance evaluations for internal projects, internal systems, Cvent products, many of which focus on AI systems and AI project implementations.
  • Support day-to-day security risk and compliance management tasks to support achievement of team objectives and an agile business climate.
  • Support development of technical and AI-driven solutions and processes to automate or streamline repeatable security risk assessment, audits and contract management.
  • Manage the end-to-end risk lifecycle, including risk identification, and a focus on identifying technical risk treatment plans in collaboration with cross functional teams to recommend technical- and process-based mitigations and drive risk monitoring.
  • Establish and maintain day-to-day and management level reporting for Risk Assessments.
  • Lead and facilitate regional and global certification audits (e.g., ISO 27001, ISO 27701, SOC 2, PCI-DSS) by collecting evidence, implementing automated data aggregation processes, and tracking remediation efforts to ensure compliance.
  • Provide daily operational support for compliance initiatives, ensuring timely execution of projects and alignment with organizational security objectives.
  • Conduct identity and access control reviews to validate user permissions and enforce least privilege principles, including periodic review of AI agent and service account permissions.
  • Contribute to the development, refinement, and implementation of security policies, standards, and procedures, emphasizing automation-driven workflows and actionable reporting for enhanced efficiency and incorporating AI governance guidelines to ensure responsible use and transparency.
  • Leverage, fine-tune and maintain security automation tools (e.g., for automated control testing, workflow orchestration) to optimize risk management and compliance processes, reducing manual overhead and improving scalability.
  • Conduct customer contract reviews; partner with Sales and Legal to ensure contractual language is negotiated consistent with Cvent’s security policies, practices and capabilities.

Here's What You Need:

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (Master’s preferred).
  • 6–8 years of experience in information security, with hands-on exposure to risk management, technology and vendor/supply chain security assessments, and audit and compliance.
  • Experience implementing security practices and controls from leading security standards and regulatory requirements for SaaS/cloud environments such as ISO 27001, SOC 2 Type II, PCI-DSS, and GDPR.
  • Familiarity with AI/ML risk management concepts and the secure adoption of automation in security processes.
  • Strong interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes.
  • Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies.
  • Experience using security automation tools (e.g., GRC platforms, automated evidence collection, workflow automation).
  • Strong analytical, problem-solving, and communication skills; able to explain technical concepts to both technical and non-technical audiences.
  • Collaborative, adaptable, and eager to learn in a fast-paced, global environment.

Good to have:

  • Understanding of AI/ML concepts, including model development, training, and deployment.
  • Familiarity with Generative AI (GenAI) risks, such as prompt injection, data leakage, model bias, and adversarial attacks.
  • Experience with AI guardrails, including input/output sanitization, audit trail logging, and model vulnerability scanning.
  • Knowledge of cloud security frameworks (e.g., AWS, Azure, GCP) for securing AI/ML deployments.
  • Experience integrating AI-powered tools into existing security and compliance workflows.
  • Ability to design scalable, automation-driven processes to reduce manual overhead.

