Security Advisor I

HighRadius · Hyderabad, Telangana, India

Full-time · Staff · Posted 11 days ago

About Us

HighRadius provides a single Agentic AI platform for the Office of the CFO. It
integrates 180+ agents that orchestrate end-to-end processes across
Order-to-Cash, Close & Reconciliation, Consolidation & Reporting, Accounts
Payable, B2B Payments, and Treasury. HighRadius guarantees operational KPI
improvements by mapping them to specific agents on the platform. With a 3-6
month go-live period, HighRadius drives value creation at 1300+ enterprises such
as 3M, Unilever, Bristol-Myers Squibb Company, Red Bull, Lufthansa, and more.
HighRadius has been consistently recognized as a market leader by Gartner, IDC,
and Forrester.

Job Summary:  

We are seeking a proactive Security Advisor to join our Risk & Compliance team.
This critical role will lead our comprehensive audit program, managing
third-party (ISO 27001, ISO 42001, PCI DSS, ISO 27701), client and internal
audits from end to end.  
This individual will also be a key driver in defining and maturing our risk
management framework.  
The ideal candidate is a hands-on GRC professional who will also contribute to
the continuous improvement of our security posture by reviewing and enhancing
company policies, procedures, and standards. 
We require an expert with deep, hands-on experience using GRC tools and a strong
understanding of the Unified Control Framework (UCF).  
Preferred candidates will also have a good working knowledge of NIST 800-53, and
HIPAA regulations. 

Responsibilities: 
● Lead External Certifications: Manage the end-to-end lifecycle of third-party
audits, ensuring successful certification and maintenance for ISO 27001, ISO
42001 (AI), ISO 27701 (Privacy), and PCI DSS. 
● Client & Internal Audits: Act as the primary lead for all client-initiated
security audits and questionnaires, while also planning and executing a robust
schedule of internal compliance assessments.
● Audit Remediation: Coordinate with cross-functional teams to address audit
findings, tracking non-conformities to closure and ensuring evidence
of remediation. 
● Framework Development: Define, implement, and actively mature the
organization's Risk Management Framework to identify, evaluate, and mitigate
security risks. 
● Policy Lifecycle Management: Proactively review, draft, and enhance
company-wide security policies, procedures, and standards to ensure they reflect
the current threat landscape and business needs. 
● Continuous Improvement: Drive the continuous evolution of the company’s
security posture by identifying gaps in governance and recommending strategic
improvements. 
● GRC Tool Administration: Leverage deep, hands-on experience to implement and
optimize GRC tools, streamlining compliance workflows and evidence collection. 
● Unified Control Framework (UCF): Utilize the Unified Control Framework to map
controls across various standards (ISO, PCI, NIST, HIPAA) to reduce redundancy
and increase efficiency ("test once, satisfy many"). 
● Regulatory Compliance: Ensure organizational alignment with industry-specific
regulations and frameworks, specifically NIST 800-53 and HIPAA, alongside the
core ISO/PCI standards.

Required Skills and Experience: 
● Bachelor's degree in Computer Science, Information Technology, or a related
field. 
● 8-15 years of hands-on experience in audits and risk management.
● A proven track record of successfully leading organizations through ISO 27001
and PCI DSS certification cycles (from gap analysis to final certification).
● Experience (or strong theoretical preparation) in implementing ISO 42001 (AI
Management Systems) and ISO 27701 (Privacy), demonstrating an ability to adapt
to new governance landscapes. 
● Experience acting as the external face of security for the company, including
fielding complex client questionnaires and joining sales calls to demonstrate
security posture.
● Knowledge of HIPAA privacy/security rules and NIST 800-53 controls, preferably
within a B2B or SaaS environment. 
● Demonstrated experience selecting, implementing, or administering GRC
platforms (e.g., Drata, Vanta, Archer, LogicGate, or OneTrust) to automate
evidence collection and control monitoring.
● Specific experience using the Unified Control Framework (UCF) to map a single
control set across multiple authority documents (e.g., mapping a password policy
to satisfy both PCI DSS and HIPAA simultaneously). 
● Experience drafting and maintaining a hierarchy of information security
policies, standards, and procedures that are both compliant and operationally
feasible.
● Experience moving an organization from ad-hoc risk assessments to a formal,
mature Risk Management Framework (RMF). 
● Certificates like CISA, CRISC, ISO 27001:2022 LA will be preferred.  

Preferred Skills: 
● Experience with ISO 27001:2022 framework. 
● Strong familiarity with the NIST control catalog, specifically NIST SP 800-53.
● Skills in integrating GRC tools (e.g., Drata, Vanta, Archer) with technical
systems (AWS, Azure, Jira) to automate evidence collection via APIs.
● Strong organizational skills to juggle multiple simultaneous audit timelines
(e.g., running a PCI audit while preparing for ISO surveillance).
● Ability to quantify risk in financial terms (e.g., "Annualized Loss
Expectancy"). 
● Experience working with leadership to define a formal "Risk Appetite
Statement"—determining exactly how much risk the company is willing to accept to
achieve its growth goals.