Information Security Risk & Compliance Engineer
BeamX TechLabs
2 - 5 years
Hyderabad
Posted: 23/12/2025
Job Description
Job Title: IT Security Engineer
Work Mode: Onsite
Experience: 5+ Years
Location: Banjara Hills, Hyderabad
Key Responsibilities
- Lead end-to-end Information Security Risk Assessment (ISRA) programs within ISD, ensuring strong governance, consistent execution quality, and timely delivery.
- Operationalize RAI Privacy Assessment workflows for customer engagements, including intake design, evidence tracking, and structured review cadences aligned with internal processes.
- Integrate Secure by Default controls into delivery lifecycles; manage ISRA 2.0 questionnaire consolidation, reviewer gates, and exception governance mechanisms.
- Define key performance indicators and dashboards (e.g., compliance uplift, review turnaround time, assessment throughput, exception closure rate) and provide executive-ready progress insights.
- Maintain comprehensive RAID logs (Risks, Assumptions, Issues, Decisions) across workstreams; drive weekly program standups, dependency mapping, and release readiness reviews with PMs and architects.
Required Technical Skills
- Proven experience conducting security and privacy reviews in enterprise-scale delivery or system integration environments.
- Strong proficiency in threat modeling and DFD-based analysis, ideally with Microsoft Threat Modeling Tool (TMT) and familiarity with AI-assisted evaluation methods.
- Expertise in ISRA 2.0, Secure by Default frameworks, reviewer gate reviews, and exception lifecycle management.
- Solid understanding of global regulatory frameworks (GDPR, CCPA) and their mapping to cloud governance and compliance (e.g., Azure Policy, data residency standards).
- Hands-on experience with program management and collaboration tools, including Azure DevOps, Microsoft Teams, SharePoint, Virtuoso, and analytics-driven health dashboards.
Required Soft Skills
- Excellent executive communication: able to present concise, data-driven insights and risk narratives to senior leadership.
- Strong stakeholder management skills across Information Security, Solution Architecture, Delivery, Privacy/Legal, and Engineering teams.
- Proven ability in change management and enablement: driving adoption of new security controls, portals, and compliance updates (e.g., IDCL, ISRA revisions).
- Analytical and data-driven decision-making: defining and interpreting KPIs, analyzing telemetry, and continuously enhancing program performance.
Preferred Qualifications
- Prior experience in security, privacy, or compliance program management, ideally in a GRC or audit-focused function.
- Exposure to ISO 27001 audits, MCAPS compliance frameworks, or regulatory assessment programs.
- Understanding of Responsible AI and privacy-preserving architectures.
- Certifications such as CISM, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor will be an advantage.
