
Highradius

Cyber Security Engineer - II


Job Description

Job Title: CSE II - GRC AIMS

Location: Hyderabad, Telangana

Team: Cyber Security Risk & Compliance

Job Summary:

As a Governance, Risk, and Compliance (GRC) Engineer, you will be the architect of our AI security framework, ensuring that our technical operations align with legal and regulatory requirements. You won't just be checking boxes; you will be building the systems that automate compliance, manage risk, and foster a culture of security awareness across the organization.

The ideal candidate bridges the gap between high-level policy and technical implementation, turning complex compliance standards into actionable technical controls.

Responsibilities:

1. GRC Tool Management

You will manage the GRC platform, including:

  • Configuring and managing workflows for AI risk assessments and policies.
  • Maintaining the platform's day-to-day operation.

2. Unified Control Framework (UCF) & Mapping

You will maintain the Unified Control Framework:

  • Mapping internal controls across multiple standards such as ISO 27001, SOC 2, NIST CSF, PCI DSS, AIMS (ISO/IEC 42001), PIMS (ISO/IEC 27701), GDPR, etc.
  • Eliminating redundant testing by applying a "test once, comply many" philosophy: one internal control is tested a single time and the evidence satisfies every framework requirement mapped to it.
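The control-mapping idea above is easier to reason about with a concrete data model. The following is an added example, not HighRadius code or the output of any GRC platform: it models a small UCF as a dictionary of internal controls mapped to framework requirements, rolls one set of test results up to every framework at once, and flags controls that test nothing another control does not already cover. All control IDs, clause numbers and test results are constructed placeholders, not quotations from ISO/IEC 27001, SOC 2 or ISO/IEC 42001.

```python
"""Unified Control Framework (UCF) mapping: one internal control, tested once,
satisfies requirements in several standards ("test once, comply many").
Added illustration; identifiers are constructed, not real clause text."""
from collections import defaultdict

# Constructed catalogue: requirement IDs each framework expects us to evidence.
FRAMEWORK_CATALOGUE = {
    "ISO 27001": {"A.5.15", "A.5.17", "A.8.5", "A.8.15"},
    "SOC 2": {"CC6.1", "CC6.3", "CC7.2"},
    "ISO 42001": {"A.6.2.4", "A.9.2"},
}

# Constructed UCF: internal control -> {framework: requirements it satisfies}.
CONTROLS = {
    "UCF-IAM-01": {  # MFA enforced on all privileged accounts
        "ISO 27001": {"A.5.17", "A.8.5"},
        "SOC 2": {"CC6.1"},
    },
    "UCF-IAM-02": {  # Quarterly access reviews
        "ISO 27001": {"A.5.15"},
        "SOC 2": {"CC6.3"},
    },
    "UCF-IAM-03": {  # Legacy: MFA on VPN only (a subset of UCF-IAM-01)
        "ISO 27001": {"A.8.5"},
        "SOC 2": {"CC6.1"},
    },
    "UCF-LOG-01": {  # Centralised audit logging with alerting
        "ISO 27001": {"A.8.15"},
        "SOC 2": {"CC7.2"},
    },
    "UCF-AI-01": {  # Impact assessment before an AI system is deployed
        "ISO 42001": {"A.6.2.4"},
    },
}

# Constructed results of this quarter's control tests (UCF-AI-01 not yet tested).
TEST_RESULTS = {
    "UCF-IAM-01": "pass",
    "UCF-IAM-02": "fail",
    "UCF-IAM-03": "pass",
    "UCF-LOG-01": "pass",
}


def requirement_status(controls, results, catalogue):
    """Roll control test results up to every framework requirement.

    'satisfied': at least one passing control maps to the requirement.
    'failed':    controls map to it but none passed.
    'untested':  mapped controls exist but have no result yet.
    'unmapped':  no control covers it at all (a framework gap).
    """
    mapped = defaultdict(lambda: defaultdict(set))  # fw -> req -> {control ids}
    for ctrl, fw_map in controls.items():
        for fw, reqs in fw_map.items():
            for req in reqs:
                mapped[fw][req].add(ctrl)

    status = {}
    for fw, reqs in catalogue.items():
        status[fw] = {}
        for req in sorted(reqs):
            ctrls = mapped[fw].get(req, set())
            outcomes = {results.get(c) for c in ctrls}
            if not ctrls:
                status[fw][req] = "unmapped"
            elif "pass" in outcomes:
                status[fw][req] = "satisfied"
            elif "fail" in outcomes:
                status[fw][req] = "failed"
            else:
                status[fw][req] = "untested"
    return status


def compliance_percent(status):
    """Percentage of each framework's requirements currently satisfied."""
    return {
        fw: round(100 * sum(s == "satisfied" for s in reqs.values()) / len(reqs), 1)
        for fw, reqs in status.items()
    }


def redundant_controls(controls):
    """Controls whose every mapped requirement is also covered by another
    control: candidates to retire so each requirement is tested once."""
    flat = {
        ctrl: {(fw, req) for fw, reqs in fw_map.items() for req in reqs}
        for ctrl, fw_map in controls.items()
    }
    redundant = {}
    for ctrl, pairs in flat.items():
        others = set().union(*(p for c, p in flat.items() if c != ctrl))
        if pairs and pairs <= others:
            redundant[ctrl] = sorted(c for c, p in flat.items() if c != ctrl and p & pairs)
    return redundant


if __name__ == "__main__":
    status = requirement_status(CONTROLS, TEST_RESULTS, FRAMEWORK_CATALOGUE)
    for fw, pct in compliance_percent(status).items():
        print(f"{fw}: {pct}% satisfied -> {status[fw]}")
    print("Redundant controls:", redundant_controls(CONTROLS))
```

Two design points matter in practice: a requirement is marked `satisfied` as soon as one mapped control passes, but a failing sibling control is still a finding to track in remediation; and a control flagged by `redundant_controls` is only a candidate for retirement, because an auditor for one framework may want evidence scoped in a way the broader control does not provide.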

3. Policy Lifecycle Management

You will oversee the full lifecycle of organizational policies, from drafting to retirement, including AI policies.

  • Drafting, reviewing, and updating security policies, procedures and standards.
  • Ensuring policies, procedures and standards are effectively communicated to, and signed off by, the relevant stakeholders.
  • Aligning technical standards with evolving business goals and threat landscapes.

4. Audit Remediation Program

When gaps are identified, you lead the charge in fixing them.

  • Tracking findings from internal and external audits.
  • Partnering with multiple teams to design and implement remediation plans.
  • Validating that fixes are effective and sustainable.

5. Cybersecurity Scorecard & Reporting

You will update and track the metrics that tell the story of our security posture.

  • Developing real-time dashboards for Cyber Security Scores.

6. Security Awareness & Phishing Program

Security is a human challenge as much as a technical one.

  • Designing and deploying quarterly phishing simulations.
  • Developing engaging security training content tailored to different departments.
  • Measuring the human risk factor and adjusting training based on simulation results.

Required Skills and Experience:

  • GRC Platform Expertise: Hands-on experience configuring and managing GRC software such as ServiceNow (GRC/IRM), Drata, Vanta, Sprinto.
  • Technical Control Auditing: Ability to audit technical environments, including Cloud Security (AWS/Azure/GCP), Operating Systems, and Network Architecture.
  • Control Mapping: Deep familiarity with the Unified Control Framework (UCF) or similar methodologies to map one control to multiple regulations.
  • Standards Mastery: Expert knowledge of industry frameworks, specifically:
    • ISO/IEC 42001 (Artificial Intelligence Management Systems)
    • ISO/IEC 27001 (Information security management systems)
    • Data Privacy: GDPR, CCPA, or HIPAA requirements.

Experience Requirements

  • Professional Background: Typically 3-6 years of experience in Cybersecurity, IT Audit, or Risk Management including 1-2 years of experience in AIMS.
  • Audit Management: Proven track record of leading Audit Remediation Programs, including managing Corrective Action Plans (CAPs).
  • Policy Development: Experience writing and maintaining enterprise-wide security policies that are both compliant and practically implementable by engineering teams.
  • Program Ownership: Previous experience running a Security Awareness and Phishing program, including vendor selection (e.g., KnowBe4, Proofpoint) and metric reporting.

Professional Certifications

While not always mandatory, the following certifications are highly valued for this role:

  • ISO/IEC 42001 Lead Auditor
  • ISO/IEC 27001:2022 Lead Auditor

Soft Skills

  • Cross-Functional Influence: The ability to influence engineering and product teams to prioritize security tasks without having direct authority over them.
  • Analytical Thinking: Breaking down complex regulatory text into simple, actionable technical requirements.
  • Communication: Translating technical risks into business impact for non-technical stakeholders and executives.

Job ID: 143717879