Security Advisor I

8 - 12 years

0 - 2 Lacs

Posted: 21 hours ago | Platform: Naukri

Work Mode

Work from Office

Job Type

Full Time

Job Description

Job Title: Security Advisor I - Risk & Compliance

Location: Hyderabad, Telangana

Team: Cyber Security Risk & Compliance

Job Summary:

We are seeking a proactive Security Advisor to join our Risk & Compliance team. This critical role will lead our comprehensive audit program, managing third-party (ISO 27001, ISO 42001, PCI DSS, ISO 27701), client and internal audits from end to end.

This individual will also be a key driver in defining and maturing our risk management framework. The ideal candidate is a hands-on GRC professional who will also contribute to the continuous improvement of our security posture by reviewing and enhancing company policies, procedures, and standards. We require an expert with deep, hands-on experience using GRC tools and a strong understanding of the Unified Control Framework (UCF).

Preferred candidates will also have a good working knowledge of NIST 800-53 and HIPAA regulations.

Responsibilities:

Lead External Certifications: Manage the end-to-end lifecycle of third-party audits, ensuring successful certification and maintenance for ISO 27001, ISO 42001 (AI), ISO 27701 (Privacy), and PCI DSS.

Client & Internal Audits: Act as the primary lead for all client-initiated security audits and questionnaires, while also planning and executing a robust schedule of internal compliance assessments.

Audit Remediation: Coordinate with cross-functional teams to address audit findings, tracking non-conformities to closure and ensuring evidence of remediation.

Framework Development: Define, implement, and actively mature the organization's Risk Management Framework to identify, evaluate, and mitigate security risks.

Policy Lifecycle Management: Proactively review, draft, and enhance company-wide security policies, procedures, and standards to ensure they reflect the current threat landscape and business needs.

Continuous Improvement: Drive the continuous evolution of the company's security posture by identifying gaps in governance and recommending strategic improvements.

GRC Tool Administration: Leverage deep, hands-on experience to implement and optimize GRC tools, streamlining compliance workflows and evidence collection.

Unified Control Framework (UCF): Utilize the Unified Control Framework to map controls across various standards (ISO, PCI, NIST, HIPAA) to reduce redundancy and increase efficiency ("test once, satisfy many").

Regulatory Compliance: Ensure organizational alignment with industry-specific regulations and frameworks, specifically NIST 800-53 and HIPAA, alongside the core ISO/PCI standards.

Required Skills and Experience:

Bachelor's degree in Computer Science, Information Technology, or a related field.

Minimum of 8-15 years of hands-on experience in audits and risk management.

A proven track record of successfully leading organizations through ISO 27001 and PCI DSS certification cycles (from gap analysis to final certification).

Experience (or strong theoretical preparation) in implementing ISO 42001 (AI Management Systems) and ISO 27701 (Privacy), demonstrating an ability to adapt to new governance landscapes.

Experience acting as the external face of security for the company, including fielding complex client questionnaires and joining sales calls to demonstrate security posture.

Knowledge of HIPAA privacy/security rules and NIST 800-53 controls, preferably within a B2B or SaaS environment.

Demonstrated experience selecting, implementing, or administering GRC platforms (e.g., Drata, Vanta, Archer, LogicGate, or OneTrust) to automate evidence collection and control monitoring.

Specific experience using the Unified Control Framework (UCF) to map a single control set across multiple authority documents (e.g., mapping a password policy to satisfy both PCI DSS and HIPAA simultaneously).

Experience drafting and maintaining a hierarchy of information security policies, standards, and procedures that are both compliant and operationally feasible.

Experience moving an organization from ad-hoc risk assessments to a formal, mature Risk Management Framework (RMF).

Certifications such as CISA, CRISC, or ISO 27001:2022 Lead Auditor (LA) will be preferred.

Preferred Skills:

Experience with ISO 27001:2022 framework.

Strong familiarity with the NIST control catalog, specifically NIST 800-53.

Skills in integrating GRC tools (e.g., Drata, Vanta, Archer) with technical systems (AWS, Azure, Jira) to automate evidence collection via APIs.

Strong organizational skills to juggle multiple simultaneous audit timelines (e.g., running a PCI audit while preparing for ISO surveillance).

Ability to quantify risk in financial terms (e.g., "Annualized Loss Expectancy").

Experience working with leadership to define a formal "Risk Appetite Statement", determining exactly how much risk the company is willing to accept to achieve its growth goals.
