Lead Analyst, Risk

Job Description Overview We are seeking a proactive, technically skilled Lead Analyst to join our Information Security Risk & Compliance team in Gurgaon. Ideal candidates have 6-8 years of experience in information security risk management and will primarily lead and mature Cvent's Third-Party Risk (TPRM) program end-to-end. You will also provide secondary support across broader GRC activities, partnering with cross-functional teams to enable timely risk decisions and strengthen our overall posture. This is a hands-on role with significant stakeholder engagement and opportunity to drive measurable impact. In This Role, You Will Security Risk Management & Compliance - Enhance the Vendor Risk Assessment Program to mature assessment approach, monitoring processes, re-evaluation criteria and adopt a customized and AI-driven vendor security score card. - Perform third-party vendor security assessments, many of which focus on security controls for data and app integrations, AI tools, AI related technologies (MCPs, LLMs etc), newer technologies, and SAAS tools. - Perform comprehensive Technical Risk assessments and compliance evaluations for internal projects, internal systems, Cvent products, many of which focus on AI systems and AI project implementations. - Support day-to-day security risk and compliance management tasks to support achievement of team objectives and an agile business climate. - Support development of technical and AI-driven solutions and processes to automate or streamline repeatable security risk assessment, audits and contract management. - Manage the end-to-end risk lifecycle, including risk identification, and a focus on identifying technical risk treatment plans in collaboration with cross functional teams to recommend technical- and process-based mitigations and drive risk monitoring. - Establish and maintain day-to-day and management level reporting for Risk Assessments. - Lead and facilitate regional and global certification audits (e.g., ISO 27001, ISO 27701, SOC 2, PCI-DSS) by collecting evidence, implementing automated data aggregation processes, and tracking remediation efforts to ensure compliance. - Provide daily operational support for compliance initiatives, ensuring timely execution of projects and alignment with organizational security objectives. - Conduct identity and access control reviews to validate user permissions and enforce least privilege principles, including periodic review of AI agent and service account permissions. - Contribute to the development, refinement, and implementation of security policies, standards, and procedures, emphasizing automation-driven workflows and actionable reporting for enhanced efficiency and incorporating AI governance guidelines to ensure responsible use and transparency. - Leverage, fine-tune and maintain security automation tools (e.g., for automated control testing, workflow orchestration) to optimize risk management and compliance processes, reducing manual overhead and improving scalability. - Conduct customer contract reviews; partner with Sales and Legal to ensure contractual language is negotiated consistent with Cvent's security policies, practices and capabilities Here's What You Need - Bachelor's degree in Computer Science, Information Technology, Cybersecurity, or a related field (Master's preferred). - 6-8 years of experience in information security, with hands-on exposure to risk management, technology and vendor/supply chain security assessments, and audit and compliance. - Experience implementing security practices and controls from leading security standards and regulatory requirements for SaaS/cloud environments such as ISO 27001, SOC 2 Type II, PCI-DSS, and GDPR. - Familiarity with AI/ML risk management concepts and the secure adoption of automation in security processes. - Strong interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes. - Ability to learn quickly with a willingness to take ownership for new projects and learning new technologies and methodologies - Experience using security automation tools (e.g., GRC platforms, automated evidence collection, workflow automation). - Strong analytical, problem-solving, and communication skills; able to explain technical concepts to both technical and non-technical audiences. - Collaborative, adaptable, and eager to learn in a fast-paced, global environment. Good To Have - Understanding of AI/ML concepts, including model development, training, and deployment. - Familiarity with Generative AI (GenAI) risks, such as prompt injection, data leakage, model bias, and adversarial attacks. - Experience with AI guardrails, including input/output sanitization, audit trail logging, and model vulnerability scanning. - Knowledge of cloud security frameworks (e.g., AWS, Azure, GCP) for securing AI/ML deployments. - Experience integrating AI-powered tools into existing security and compliance workflows. - Ability to design scalable, automation-driven processes to reduce manual overhead.