Lead Analyst, Risk & Compliance

Splash

IT, Compliance / Regulatory
Gurugram, Haryana, India · India
Posted on Oct 17, 2025
Overview:

We are seeking a proactive, technically skilled Lead Analyst to join our Information Security Risk & Compliance team in Gurgaon. Ideal candidates have 6–8 years of experience in information security risk management and will primarily lead and mature Cvent’s Third-Party Risk (TPRM) program end-to-end. You will also provide secondary support across broader GRC activities, partnering with cross-functional teams to enable timely risk decisions and strengthen our overall posture. This is a hands-on role with significant stakeholder engagement and opportunity to drive measurable impact.


In This Role, You Will:

Security Risk Management & Compliance

  • Enhance the Vendor Risk Assessment Program by maturing the assessment approach, monitoring processes, and re-evaluation criteria, and adopt a customized, AI-driven vendor security scorecard.
  • Perform third-party vendor security assessments, many of which focus on security controls for data and app integrations, AI tools, AI-related technologies (MCPs, LLMs, etc.), newer technologies, and SaaS tools.
  • Perform comprehensive technical risk assessments and compliance evaluations for internal projects, internal systems, and Cvent products, many of which focus on AI systems and AI project implementations.
  • Support day-to-day security risk and compliance management tasks to support achievement of team objectives and an agile business climate.
  • Support development of technical and AI-driven solutions and processes to automate or streamline repeatable security risk assessment, audits and contract management.
  • Manage the end-to-end risk lifecycle, including risk identification, with a focus on identifying technical risk treatment plans in collaboration with cross-functional teams to recommend technical and process-based mitigations and drive risk monitoring.
  • Establish and maintain day-to-day and management level reporting for Risk Assessments.
  • Lead and facilitate regional and global certification audits (e.g., ISO 27001, ISO 27701, SOC 2, PCI-DSS) by collecting evidence, implementing automated data aggregation processes, and tracking remediation efforts to ensure compliance.
  • Provide daily operational support for compliance initiatives, ensuring timely execution of projects and alignment with organizational security objectives.
  • Conduct identity and access control reviews to validate user permissions and enforce least privilege principles, including periodic review of AI agent and service account permissions.
  • Contribute to the development, refinement, and implementation of security policies, standards, and procedures, emphasizing automation-driven workflows and actionable reporting for enhanced efficiency and incorporating AI governance guidelines to ensure responsible use and transparency.
  • Leverage, fine-tune and maintain security automation tools (e.g., for automated control testing, workflow orchestration) to optimize risk management and compliance processes, reducing manual overhead and improving scalability.
  • Conduct customer contract reviews; partner with Sales and Legal to ensure contractual language is negotiated consistent with Cvent’s security policies, practices, and capabilities.

Here's What You Need:

  • Bachelor’s degree in Computer Science, Information Technology, Cybersecurity, or a related field (Master’s preferred).
  • 6–8 years of experience in information security, with hands-on exposure to risk management, technology and vendor/supply chain security assessments, and audit and compliance.
  • Experience implementing security practices and controls from leading security standards and regulatory requirements for SaaS/cloud environments such as ISO 27001, SOC 2 Type II, PCI-DSS, and GDPR.
  • Familiarity with AI/ML risk management concepts and the secure adoption of automation in security processes.
  • Strong interpersonal communication skills with experience and confidence in collaborating with internal and external partners and stakeholders to develop productive relationships and achieve positive security risk management outcomes.
  • Ability to learn quickly, with a willingness to take ownership of new projects and learn new technologies and methodologies.
  • Experience using security automation tools (e.g., GRC platforms, automated evidence collection, workflow automation).
  • Strong analytical, problem-solving, and communication skills; able to explain technical concepts to both technical and non-technical audiences.
  • Collaborative, adaptable, and eager to learn in a fast-paced, global environment.

Good to have:

  • Understanding of AI/ML concepts, including model development, training, and deployment.
  • Familiarity with Generative AI (GenAI) risks, such as prompt injection, data leakage, model bias, and adversarial attacks.
  • Experience with AI guardrails, including input/output sanitization, audit trail logging, and model vulnerability scanning.
  • Knowledge of cloud security frameworks (e.g., AWS, Azure, GCP) for securing AI/ML deployments.
  • Experience integrating AI-powered tools into existing security and compliance workflows.
  • Ability to design scalable, automation-driven processes to reduce manual overhead.