Full Time, Junior
Hyderabad, Telangana, India. Posted 4 days ago

Job Description

About Us

HighRadius provides a single Agentic AI platform for the Office of the CFO. It integrates 180+ agents that orchestrate end-to-end processes across Order-to-Cash, Close & Reconciliation, Consolidation & Reporting, Accounts Payable, B2B Payments, and Treasury. HighRadius guarantees operational KPI improvements by mapping them to specific agents on the platform. With a 3-6 month go-live period, HighRadius drives value creation at 1300+ enterprises such as 3M, Unilever, Bristol-Myers Squibb Company, Red Bull, Lufthansa, and more. HighRadius has been consistently recognized as a market leader by Gartner, IDC, and Forrester.

Job Summary

We are seeking a proactive Security Advisor to join our Risk & Compliance team. This critical role will lead our comprehensive audit program, managing third-party (ISO 27001, ISO 42001, PCI DSS, ISO 27701), client, and internal audits from end to end.
This individual will also be a key driver in defining and maturing our risk management framework.
The ideal candidate is a hands-on GRC professional who will also contribute to the continuous improvement of our security posture by reviewing and enhancing company policies, procedures, and standards.
We require an expert with deep, hands-on experience using GRC tools and a strong understanding of the Unified Control Framework (UCF).
Preferred candidates will also have a good working knowledge of NIST 800-53 and HIPAA regulations.

Responsibilities

● Lead External Certifications: Manage the end-to-end lifecycle of third-party audits, ensuring successful certification and maintenance for ISO 27001, ISO 42001 (AI), ISO 27701 (Privacy), and PCI DSS.
● Client & Internal Audits: Act as the primary lead for all client-initiated security audits and questionnaires, while also planning and executing a robust schedule of internal compliance assessments.
● Audit Remediation: Coordinate with cross-functional teams to address audit findings, tracking non-conformities to closure and ensuring evidence of remediation.
● Framework Development: Define, implement, and actively mature the organization's Risk Management Framework to identify, evaluate, and mitigate security risks.
● Policy Lifecycle Management: Proactively review, draft, and enhance company-wide security policies, procedures, and standards to ensure they reflect the current threat landscape and business needs.
● Continuous Improvement: Drive the continuous evolution of the company’s security posture by identifying gaps in governance and recommending strategic improvements.
● GRC Tool Administration: Leverage deep, hands-on experience to implement and optimize GRC tools, streamlining compliance workflows and evidence collection.
● Unified Control Framework (UCF): Utilize the Unified Control Framework to map controls across various standards (ISO, PCI, NIST, HIPAA) to reduce redundancy and increase efficiency ("test once, satisfy many").
● Regulatory Compliance: Ensure organizational alignment with industry-specific regulations and frameworks, specifically NIST 800-53 and HIPAA, alongside the core ISO/PCI standards.

Required Skills and Experience

● Bachelor's degree in Computer Science, Information Technology, or a related field.
● Minimum of 8-15 years of hands-on experience in audits and risk management.
● A proven track record of successfully leading organizations through ISO 27001 and PCI DSS certification cycles (from gap analysis to final certification).
● Experience (or strong theoretical preparation) in implementing ISO 42001 (AI Management Systems) and ISO 27701 (Privacy), demonstrating an ability to adapt to new governance landscapes.
● Experience acting as the external face of security for the company, including fielding complex client questionnaires and joining sales calls to demonstrate security posture.
● Knowledge of HIPAA privacy/security rules and NIST 800-53 controls, preferably within a B2B or SaaS environment.
● Demonstrated experience selecting, implementing, or administering GRC platforms (e.g., Drata, Vanta, Archer, LogicGate, or OneTrust) to automate evidence collection and control monitoring.
● Specific experience using the Unified Control Framework (UCF) to map a single control set across multiple authority documents (e.g., mapping a password policy to satisfy both PCI DSS and HIPAA simultaneously).
● Experience drafting and maintaining a hierarchy of information security policies, standards, and procedures that are both compliant and operationally feasible.
● Experience moving an organization from ad-hoc risk assessments to a formal, mature Risk Management Framework (RMF).
● Certificates like CISA, CRISC, ISO 27001:2022 LA will be preferred.

Preferred Skills

● Experience with the ISO 27001:2022 framework.
● Strong familiarity with the NIST control catalog, specifically NIST 800-53.
● Skills in integrating GRC tools (e.g., Drata, Vanta, Archer) with technical systems (AWS, Azure, Jira) to automate evidence collection via APIs.
● Strong organizational skills to juggle multiple simultaneous audit timelines (e.g., running a PCI audit while preparing for ISO surveillance).
● Ability to quantify risk in financial terms (e.g., "Annualized Loss Expectancy").
● Experience working with leadership to define a formal "Risk Appetite Statement"—determining exactly how much risk the company is willing to accept to achieve its growth goals.

About HighRadius Technologies, Inc.

HighRadius Technologies, Inc.

highradius.com

Lifecycle, On-site
