Cyber Security Engineer - II at High Radius Consulting
Hyderabad, Telangana, India
Full Time


Start Date

Immediate

Expiry Date

29 May, 26

Salary

0.0

Posted On

28 Feb, 26

Experience

2 year(s) or above

Remote Job

Yes

Telecommute

Yes

Sponsor Visa

No

Skills

GRC Platform Expertise, ServiceNow, Drata, Vanta, Sprinto, Technical Control Auditing, Cloud Security, Control Mapping, Unified Control Framework, ISO 27001, NIST CSF, PCI DSS, GDPR, ISO 42001, Policy Lifecycle Management, Audit Remediation

Industry

Software Development

Description
Job Title: CSE II - GRC AIMS
Location: Hyderabad, Telangana
Team: Cyber Security Risk & Compliance

Job Summary:

As a Governance, Risk, and Compliance (GRC) Engineer, the candidate will be the architect of our AI security framework, ensuring that our technical operations align perfectly with legal and regulatory requirements. You won't just be "checking boxes"; you will be building the systems that automate compliance, manage risk, and foster a culture of security awareness across the organization. The ideal candidate bridges the gap between high-level policy and technical implementation, turning complex compliance standards into actionable technical controls.

Responsibilities:

1. GRC Tool Management

You will manage the GRC platform and perform activities such as:
- Configuring and managing workflows for AI risk assessments and policies.
- Maintaining the platform's operational work.

2. Unified Control Framework (UCF) & Mapping

You will maintain a Unified Control Framework.
- Mapping internal controls across multiple standards such as ISO 27001, SOC2, NIST CSF, PCI DSS, AIMS, PIMS, GDPR, etc.
- Eliminating redundant testing by applying a "test once, comply many" philosophy.

3. Policy Lifecycle Management

You will oversee the entire "birth-to-retirement" process of organizational policies, including AI policies.
- Drafting, reviewing, and updating security policies, procedures and standards.
- Ensuring policies, procedures and standards are effectively communicated and signed by relevant stakeholders.
- Aligning technical standards with evolving business goals and threat landscapes.

4. Audit Remediation Program

When gaps are identified, you lead the charge in fixing them.
- Tracking findings from internal and external audits.
- Partnering with multiple teams to design and implement remediation plans.
- Validating that fixes are effective and sustainable.

5. Cybersecurity Scorecard & Reporting

You will update and track the metrics that tell the story of our security posture.
- Developing real-time dashboards for Cyber Security Scores.

6. Security Awareness & Phishing Program

Security is a human challenge as much as a technical one.
- Designing and deploying quarterly phishing simulations.
- Developing engaging security training content tailored to different departments.
- Measuring the "human risk" factor and adjusting training based on simulation results.

Required Skills and Experience:

- GRC Platform Expertise: Hands-on experience configuring and managing GRC software such as ServiceNow (GRC/IRM), Drata, Vanta, Sprinto.
- Technical Control Auditing: Ability to audit technical environments, including Cloud Security (AWS/Azure/GCP), Operating Systems, and Network Architecture.
- Control Mapping: Deep familiarity with the Unified Control Framework (UCF) or similar methodologies to map one control to multiple regulations.
- Standards Mastery: Expert knowledge of industry frameworks, specifically:
  - ISO/IEC 42001 (Artificial Intelligence Management Systems)
  - ISO/IEC 27001 (Information security management systems)
  - Data Privacy: GDPR, CCPA, or HIPAA requirements.

Experience Requirements

- Professional Background: Typically 3–6 years of experience in Cybersecurity, IT Audit, or Risk Management, including 1-2 years of experience in AIMS.
- Audit Management: Proven track record of leading Audit Remediation Programs, including managing "Corrective Action Plans" (CAPs).
- Policy Development: Experience writing and maintaining enterprise-wide security policies that are both compliant and practically implementable by engineering teams.
- Program Ownership: Previous experience running a Security Awareness and Phishing program, including vendor selection (e.g., KnowBe4, Proofpoint) and metric reporting.

Professional Certifications

While not always mandatory, the following certifications are highly valued for this role:
- ISO 42001: LA
- ISO 27001:2022 LA

Soft Skills

- Cross-Functional Influence: The ability to influence engineering and product teams to prioritize security tasks without having direct authority over them.
- Analytical Thinking: Breaking down complex regulatory text into simple, actionable technical requirements.
- Communication: Translating technical risks into business impact for non-technical stakeholders and executives.


Responsibilities
The candidate will manage the Governance, Risk, and Compliance (GRC) platform, focusing on configuring workflows for AI risk assessments and maintaining the operational health of the system. This role also involves maintaining a Unified Control Framework and mapping internal controls across various regulatory standards like ISO 27001 and NIST CSF.