Posted on: 07/08/2025
Job Title : Security Engineer (with GRC Expertise)
Location : Bengaluru
Type : Full-time
Department : Infosec
Reports to : Head of Security / CTO
About Us :
CNH is on a mission to improve healthcare through secure, user-friendly technology. As a healthtech startup, protecting sensitive health data is foundational to our work. We're looking for a Security Engineer who can bridge hands-on security engineering with compliance and risk management.
What You'll Do :
- Co-ordinate the technical aspects of SOC 2, ISO 27001 readiness and audits.
- Policies and Documentation : Develop and maintain security policies, control documentation, and evidence for audits.
- Risk Register Management : Identify, document, and maintain an information security risk register.
- Regularly report to the security lead and other stakeholders.
- Third-Party Risk Management : Provide monitoring and independent oversight, and facilitate the execution and continuous improvement of third-party risk management and processes.
- Security Awareness : Drive security awareness initiatives and conduct regular training on CNH's security policies and standard requirements through training sessions, communication, and workshops.
- Operationalize and automate compliance processes using tools like Drata, Vanta, or Secureframe.
- Collaborate with IT, legal, HR, and product to ensure data protection across the company.
What You Bring :
- Minimum 3 years of experience in security engineering, with at least 1-2 years of exposure to Governance, Risk, and Compliance (GRC) domains and audit processes.
- Strong knowledge of core security principles such as least privilege access, defense in depth, preventative vs. detective controls, network security, cloud security, application security, endpoint security, data protection, and incident response.
- Familiarity with cloud platforms (AWS, GCP) and securing modern infrastructure.
- Familiarity with compliance platforms and automation tools.
- Excellent communication and cross-functional collaboration skills.
Bonus Points :
- Security certifications like CISSP, CISM, ISO 27001 Lead Implementer, or AWS Security.
- Experience in a startup or high-growth company setting.
- Knowledge of secure software development lifecycle (SSDLC) and threat modeling.
Why Join Us :
- Be part of a mission-driven team solving real-world healthcare challenges.
- Competitive salary, meaningful equity, and flexible work environment.
- Opportunity to shape the security culture and infrastructure from the ground up.
- Work at the intersection of cutting-edge tech and regulatory compliance.
Posted By
Ulka Bhisale
Senior Manager - People Experience at connect and heal primary care pvt. ltd
Last Active: 7 Aug 2025
Posted in
CyberSecurity
Functional Area
IT Security
Job Code
1525875