Information Security Risk & Compliance Engineer

5 - 7 years

0 Lacs

Posted: 1 day ago | Platform: Foundit

Work Mode

On-site

Job Type

Full Time

Job Description

Job Title:

Work Mode:

Experience:

Location

Key Responsibilities

  • Lead end-to-end Information Security Risk Assessment (ISRA) programs within ISD, ensuring strong governance, consistent execution quality, and timely delivery.
  • Operationalize RAI Privacy Assessment workflows for customer engagements, including intake design, evidence tracking, and structured review cadences aligned with internal processes.
  • Integrate Secure by Default controls into delivery lifecycles; manage ISRA 2.0 questionnaire consolidation, reviewer gates, and exception governance mechanisms.
  • Define key performance indicators and dashboards (e.g., compliance uplift, review turnaround time, assessment throughput, exception closure rate) and provide executive-ready progress insights.
  • Maintain comprehensive RAID logs (Risks, Assumptions, Issues, Decisions) across workstreams; drive weekly program stand-ups, dependency mapping, and release readiness reviews with PMs and architects.

Required Technical Skills

  • Proven experience conducting security and privacy reviews in enterprise-scale delivery or system integration environments.
  • Strong proficiency in threat modeling and DFD-based analysis, ideally with Microsoft Threat Modeling Tool (TMT) and familiarity with AI-assisted evaluation methods.
  • Expertise in ISRA 2.0, Secure by Default frameworks, reviewer gate reviews, and exception lifecycle management.
  • Solid understanding of global regulatory frameworks (GDPR, CCPA) and their mapping to cloud governance and compliance (e.g., Azure Policy, data residency standards).
  • Hands-on experience with program management and collaboration tools, including Azure DevOps, Microsoft Teams, SharePoint, Virtuoso, and analytics-driven health dashboards.

Required Soft Skills

  • Excellent executive communication: able to present concise, data-driven insights and risk narratives to senior leadership.
  • Strong stakeholder management skills across Information Security, Solution Architecture, Delivery, Privacy/Legal, and Engineering teams.
  • Proven ability in change management and enablement: driving adoption of new security controls, portals, and compliance updates (e.g., IDCL, ISRA revisions).
  • Analytical and data-driven decision-making: defining and interpreting KPIs, analyzing telemetry, and continuously enhancing program performance.

Preferred Qualifications

  • Prior experience in security, privacy, or compliance program management, ideally in a GRC or audit-focused function.
  • Exposure to ISO 27001 audits, MCAPS compliance frameworks, or regulatory assessment programs.
  • Understanding of Responsible AI and privacy-preserving architectures.
  • Certifications such as CISM, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor will be an advantage.
