Job Title: IT Security Engineer
Work Mode: Onsite
Experience: 5+ Years
Location: Banjara Hills, Hyderabad
Key Responsibilities
- Lead end-to-end Information Security Risk Assessment (ISRA) programs within ISD, ensuring strong governance, consistent execution quality, and timely delivery.
- Operationalize RAI Privacy Assessment workflows for customer engagements, including intake design, evidence tracking, and structured review cadences aligned with internal processes.
- Integrate Secure by Default controls into delivery lifecycles; manage ISRA 2.0 questionnaire consolidation, reviewer gates, and exception governance mechanisms.
- Define key performance indicators and dashboards (e.g., compliance uplift, review turnaround time, assessment throughput, exception closure rate) and provide executive-ready progress insights.
- Maintain comprehensive RAID logs (Risks, Assumptions, Issues, Decisions) across workstreams; drive weekly program standups, dependency mapping, and release readiness reviews with PMs and architects.
Required Technical Skills
- Proven experience conducting security and privacy reviews in enterprise-scale delivery or system integration environments.
- Strong proficiency in threat modeling and DFD-based analysis, ideally with Microsoft Threat Modeling Tool (TMT) and familiarity with AI-assisted evaluation methods.
- Expertise in ISRA 2.0, Secure by Default frameworks, reviewer gate reviews, and exception lifecycle management.
- Solid understanding of global regulatory frameworks (GDPR, CCPA) and their mapping to cloud governance and compliance (e.g., Azure Policy, data residency standards).
- Hands-on experience with program management and collaboration tools, including Azure DevOps, Microsoft Teams, SharePoint, Virtuoso, and analytics-driven health dashboards.
Required Soft Skills
- Excellent executive communication: able to present concise, data-driven insights and risk narratives to senior leadership.
- Strong stakeholder management skills across Information Security, Solution Architecture, Delivery, Privacy/Legal, and Engineering teams.
- Proven ability in change management and enablement, driving adoption of new security controls, portals, and compliance updates (e.g., IDCL, ISRA revisions).
- Analytical and data-driven decision-making: defining and interpreting KPIs, analyzing telemetry, and continuously enhancing program performance.
Preferred Qualifications
- Prior experience in security, privacy, or compliance program management, ideally in a GRC or audit-focused function.
- Exposure to ISO 27001 audits, MCAPS compliance frameworks, or regulatory assessment programs.
- Understanding of Responsible AI and privacy-preserving architectures.
- Certifications such as CISM, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor will be an advantage.