
Security Advisor I

Company: HighRadius
Location: Hyderabad, Pakistan | Telangana, India
Type: Onsite

About Us

HighRadius, a renowned provider of cloud-based Autonomous Software for the Office of the CFO, has transformed critical financial processes for over 1000+ leading companies worldwide. Trusted by prestigious organizations like 3M, Unilever, Anheuser-Busch InBev, Sanofi, Kellogg Company, Danone, Hershey's, and many others, HighRadius optimizes order-to-cash, treasury, and record-to-report processes, earning us back-to-back recognition in Gartner's Magic Quadrant and a prestigious spot in the Forbes Cloud 100 List for three consecutive years. With a remarkable valuation of $3.1B and an impressive annual recurring revenue exceeding $100M, we experience a robust year-over-year growth of 24%.

With a global presence spanning 6+ locations, we're in the pre-IPO stage, poised for rapid growth. We invite passionate and diverse individuals to join us on this exciting path to becoming a publicly traded company and shape our promising future.

Job Summary:

We are seeking a proactive Security Advisor to join our Risk & Compliance team. This critical role will lead our comprehensive audit program, managing third-party (ISO 27001, ISO 42001, PCI DSS, ISO 27701), client and internal audits from end to end. This individual will also be a key driver in defining and maturing our risk management framework. The ideal candidate is a hands-on GRC professional who will also contribute to the continuous improvement of our security posture by reviewing and enhancing company policies, procedures, and standards. We require an expert with deep, hands-on experience using GRC tools and a strong understanding of the Unified Control Framework (UCF).

Preferred candidates will also have a good working knowledge of NIST 800-53 and HIPAA regulations.

Responsibilities:

Lead External Certifications: Manage the end-to-end lifecycle of third-party audits, ensuring successful certification and maintenance for ISO 27001, ISO 42001 (AI), ISO 27701 (Privacy), and PCI DSS.

Client & Internal Audits: Act as the primary lead for all client-initiated security audits and questionnaires, while also planning and executing a robust schedule of internal compliance assessments.

Audit Remediation: Coordinate with cross-functional teams to address audit findings, tracking non-conformities to closure and ensuring evidence of remediation.

Framework Development: Define, implement, and actively mature the organization's Risk Management Framework to identify, evaluate, and mitigate security risks.

Policy Lifecycle Management: Proactively review, draft, and enhance company-wide security policies, procedures, and standards to ensure they reflect the current threat landscape and business needs.

Continuous Improvement: Drive the continuous evolution of the company's security posture by identifying gaps in governance and recommending strategic improvements.

GRC Tool Administration: Leverage deep, hands-on experience to implement and optimize GRC tools, streamlining compliance workflows and evidence collection.

Unified Control Framework (UCF): Utilize the Unified Control Framework to map controls across various standards (ISO, PCI, NIST, HIPAA) to reduce redundancy and increase efficiency ("test once, satisfy many").

Regulatory Compliance: Ensure organizational alignment with industry-specific regulations and frameworks, specifically NIST 800-53 and HIPAA, alongside the core ISO/PCI standards.

Required Skills and Experience:

● Bachelor's degree in Computer Science, Information Technology, or a related field.
● Minimum of 8-15 years of hands-on experience in audits and risk management.
● A proven track record of successfully leading organizations through ISO 27001 and PCI DSS certification cycles (from gap analysis to final certification).
● Experience (or strong theoretical preparation) in implementing ISO 42001 (AI Management Systems) and ISO 27701 (Privacy), demonstrating an ability to adapt to new governance landscapes.
● Experience acting as the external face of security for the company, including fielding complex client questionnaires and joining sales calls to demonstrate security posture.
● Knowledge of HIPAA privacy/security rules and NIST 800-53 controls, preferably within a B2B or SaaS environment.
● Demonstrated experience selecting, implementing, or administering GRC platforms (e.g., Drata, Vanta, Archer, LogicGate, or OneTrust) to automate evidence collection and control monitoring.
● Specific experience using the Unified Control Framework (UCF) to map a single control set across multiple authority documents (e.g., mapping a password policy to satisfy both PCI DSS and HIPAA simultaneously).
● Experience drafting and maintaining a hierarchy of information security policies, standards, and procedures that are both compliant and operationally feasible.
● Experience moving an organization from ad-hoc risk assessments to a formal, mature Risk Management Framework (RMF).
● Certificates like CISA, CRISC, and ISO 27001:2022 LA will be preferred.

 

Preferred Skills:

● Experience with the ISO 27001:2022 framework.
● Strong familiarity with the NIST control catalog, specifically NIST 800-53.
● Skills in integrating GRC tools (e.g., Drata, Vanta, Archer) with technical systems (AWS, Azure, Jira) to automate evidence collection via APIs.
● Strong organizational skills to juggle multiple simultaneous audit timelines (e.g., running a PCI audit while preparing for ISO surveillance).
● Ability to quantify risk in financial terms (e.g., "Annualized Loss Expectancy").
● Experience working with leadership to define a formal "Risk Appetite Statement": determining exactly how much risk the company is willing to accept to achieve its growth goals.
