Job Title: IT Security Engineer
Work Mode: Onsite
Experience: 5+ Years
Location: Banjara Hills, Hyderabad

Key Responsibilities
- Lead end-to-end Information Security Risk Assessment (ISRA) programs within ISD, ensuring strong governance, consistent execution quality, and timely delivery.
- Operationalize RAI Privacy Assessment workflows for customer engagements, including intake design, evidence tracking, and structured review cadences aligned with internal processes.
- Integrate Secure by Default controls into delivery lifecycles—manage ISRA 2.0 questionnaire consolidation, reviewer gates, and exception governance mechanisms.
- Define key performance indicators and dashboards (e.g., compliance uplift, review turnaround time, assessment throughput, exception closure rate) and provide executive‑ready progress insights.
- Maintain comprehensive RAID logs (Risks, Assumptions, Issues, Decisions) across workstreams; drive weekly program stand‑ups, dependency mapping, and release readiness reviews with PMs and architects.

Required Technical Skills
- Proven experience conducting security and privacy reviews in enterprise-scale delivery or system integration environments.
- Strong proficiency in threat modeling and DFD-based analysis, ideally with Microsoft Threat Modeling Tool (TMT) and familiarity with AI‑assisted evaluation methods.
- Expertise in ISRA 2.0, Secure by Default frameworks, reviewer gate reviews, and exception lifecycle management.
- Solid understanding of global regulatory frameworks (GDPR, CCPA) and their mapping to cloud governance and compliance (e.g., Azure Policy, data residency standards).
- Hands-on experience with program management and collaboration tools, including Azure DevOps, Microsoft Teams, SharePoint, Virtuoso, and analytics‑driven health dashboards.

Required Soft Skills
- Excellent executive communication—able to present concise, data‑driven insights and risk narratives to senior leadership.
- Strong stakeholder management skills across Information Security, Solution Architecture, Delivery, Privacy/Legal, and Engineering teams.
- Proven ability in change management and enablement—driving adoption of new security controls, portals, and compliance updates (e.g., IDCL, ISRA revisions).
- Analytical and data‑driven decision‑making—defining and interpreting KPIs, analyzing telemetry, and continuously enhancing program performance.

Preferred Qualifications
- Prior experience in security, privacy, or compliance program management, ideally in a GRC or audit-focused function.
- Exposure to ISO 27001 audits, MCAPS compliance frameworks, or regulatory assessment programs.
- Understanding of Responsible AI and privacy-preserving architectures.
- Certifications such as CISM, CISA, CRISC, or ISO 27001 Lead Implementer/Auditor will be an advantage.
Job Title
Information Security Risk & Compliance Engineer