IT Security Lead - Durango, México - Listopro

    Listopro
    Listopro Durango, México

    hace 2 semanas

    listopro background
    remote
    Descripción

    The Company's Information Security team isseeking a Business InformationSecurity

    Officer (BISO) / InformationSecurity Manager for our LATAM Digital ServicesJoint

    Venture.

    RolePurpose

    • Providethe security leadership and influence IT and business executiveswhilst ensuring the business and regulatory requirements aremet.
    • Represent the Group CISO function asthe Business Information Security Officer (BISO) /Information Security Manager and manage theInformation
    • Security resources supporting theCompany's Digital Services venture.
    • Providevisibility and insights on Security to the LATAMRISO.
    • Build and effective relationship,partnering and supporting the C level executives on InformationSecurity matters.
    • Manage and attend requiredCommittees, cyber governance meetings and regulatoryengagements.
    • Assess and evaluate risk &control position against the KPI's and information security riskmanagementframework.

    Responsibilities:

    Therole is focused on securing the Company's Digital Services businessunit. We are

    looking for a Business InformationSecurity Officer / Information SecurityManager

    with the skills to influence businessleadership, execute complex projects andguide

    the IT teams regarding Information Securityrequirements.

    The roles and responsibilities forthe position include but are not limitedto:

    • Supporting the Group CISOportfolio delivery with oversight and escalation to ensure that allglobal security requirements are effectively rolled out in theCompany.
    • 2. The Business Information SecurityOfficer / Information Security Manager is the primary technicalsecurity contact within the organization for security riskanalysis, gap identification, and mitigation/remediationactivities.
    • Provide regular reporting oninformation security Key Performance Indicators (KPI), issues andrisks to the RISO and C Levelexecutives.
    • Engage with key stakeholders toensure that processes and initiatives follow Company's global and regional security processes, monitor security policy/standards compliance, and ensureInformation Security strategy is understood andcommunicated.
    • Acts as the technical subject matter expert on all security initiatives, leveragesexisting global, regional security technology and products to solveproblems, and assists the project teams with testing, deployment,and execution of new initiatives.
    • Oversee,support and report on Company's Information Security incidents in collaboration with Global/Regional Security Operationsand the Privacy function.
    • Support the internalsecurity awareness and training activities and providefeedback.
    • Oversee the internalThird-Party Cyber Risk Management program to support the business in managing the information security risks of third-party relationships.
    • Act astrusted advisor in the exception risk management process to includearticulating risk and vulnerability information, determining mitigatingcontrols, and assist in remediation plandevelopment.
    • Support the business duringinternal and external audits and with audit resolutions forinformation security related issues, ensuring that a process is inplace to address issues discovered through analysis and takingcorrectiveactions.

    ExperienceRequirements:

    • Experienceleading Latin America information securityrequirements.
    • Bachelor's degree in computerscience, Information Technology, Cyber Security orsimilar
    • Strong general security knowledgeacross all aspects of the NIST CybersecurityFramework
    • Demonstrated expertise in IncidentResponse and Incident Management.
    • Anunderstanding of cloud services and cloud developmenttechniques.
    • Communication skills including theability to develop and provide effective presentations tovarious audiences, including non-technicalresources.
    • CISM, CISSP, GIAC or Similarcertifications.
    • Written/spoken Englishproficiency required.
    • Ability to translatehighly technical information into plainlanguage.
    • High level of analytical andproblem-solving abilities.
    • At least 10 years ITexperience, working in a technical discipline.
    • 5-10 years working experience in InformationSecurity.
    • At least 3 years' experience workingin a senior technical role.