Cvent is an exciting, fast-growing tech company that provides industry-leading software to event professionals around the world. Our suite of services – online event registration, venue selection, mobile apps, email marketing, web surveys, and targeted hotel advertising opportunities – has positioned us as a major player in the estimated $565 billion global meetings and events industry.
Cvent's rapidly growing information security organization is seeking to hire a hands-on Enterprise Risk Program Manager to join its Information Security Risk Management and Compliance team. The role will provide guidance, leadership and support for maturing and optimizing information security risk management across Cvent's expanding global footprint.
What You Will Be Doing
- Provide leadership, innovation, governance, and management necessary to identify, evaluate, mitigate, and monitor the company's operational and strategic risks related to IT Security.
- Develop Enterprise Risk Management processes, methodologies, practices, and policies to identify, analyze, and report enterprise security risks.
- Ensure the organization's information security risk management policies and strategies are in compliance with applicable frameworks like PCI DSS, ISO 27001, SOC2, applicable regulations, rating agency standards, and strategic imperatives of the organization.
- Establish the Enterprise Security Information Risk Management architecture for the company.
- Understand the business domain and workflows, and keep up with the agility of the processes for continuous risk assessments.
- Collaborate with cross-functional teams to identify departmental processes and associated Data Security risks.
- Leverage existing tools and bring on new tools to strengthen the security risk management process and provide enhancements and improved analysis and reporting capabilities.
- Serve as a liaison subject matter expert for the enterprise for evaluating and analyzing reported potential security risks.
- Liaise with project teams to identify risks in their processes, tools, and day-to-day activities.
- Oversee or monitor all operational information security risk management activities of the organization on an ongoing basis.
- Monitor and analyze risks within the company's business units and report on these risks.
- Perform other duties as assigned.
What You Need for this Position
- 6+ years of demonstrable experience in security risk and compliance, enterprise IT security risk management in a highly technical, fast-paced, global business.
- Strong individual leadership and interpersonal abilities geared towards getting things done, including experience communicating and developing partnerships at many levels of a technology-driven organization.
- Self-driven and motivated, with the determination to own projects.
- Strong understanding of, and past implementation and experience with, risk assessments and risk methodologies.
- Knowledge of ISO 27001:2013, PCI DSS, and SSAE 18 SOC 1 / SOC 2 attestation standards, as well as global regulations relevant to information security and data protection, such as U.S. federal and state statutes, the EU General Data Protection Regulation, and PIPEDA.
- Experience performing information security assessments in the global high-tech industry; demonstrable and deep understanding of common security controls, processes and technical solutions to safeguard network, system, application and data in on-premise and cloud environments.
- Experience in developing information security policies, standards and other forms of information security risk program documentation.
- Excellent verbal, presentation and written communications skills and a team-focused attitude.
- Active information security or IT audit certifications, such as CISSP, RIMS-CRMP, CISA, CISM, CRISC, or their equivalent are preferred.
- Preferred experience of deploying information security risk programs in a product-based company.
- Strong risk-based approach and analytical skills.
- Project management skills preferred.