DirecciónWhat we look for
An effective communicator, you’ll are a confident team player with a genuine passion to make things happen in a dynamic organization.
If you’re ready to take on a wide range of responsibilities and are committed to seeking out new ways to make a difference, this role is for you.
Job purpose
Reporting to the Process Security Risk Team Lead, you will be responsible for developing and executing a comprehensive control framework focused on ensuring that security is maintained throughout business processes.
Your role will also support the implementation of our organization’s strategies around process security controls by maintaining and developing new ways of doing things and creating business relationships transversally within Technology and other business units.
The position is expected to work with internal stakeholders and take a lead role in analyzing key risks, establish regular dialogue between risk and control owners to identify areas for improvement and develop strategies to enhance security of these business processes.
Main Responsibilities
- Maintain and develop our control framework focused on securing business processes that allow effective monitoring, management and mitigation aligned with business objectives associated to the operations of our organization and our technology.
- Identify potential risks within processes and implement risk mitigation strategies and controls.
- Support to develop standards, procedures, policies and improve our positioning through process improvement, policy automation, and the continuous evolution of capabilities and our control framework.
- Document and report control failures and gaps to stakeholders.
- Provide remediation guidance and sometime drives projects to ensure deployment of mitigation actions or process improvements and prepare management reports to track remediation activities.
Required Qualifications
Minimum qualifications
- Bachelor’s within Information Systems, Information / Cyber Security, Finance, Economics, Law or other relevant study.
- A pragmatic approach developed through hard won experience working in GRC departments and direct experience supporting process to : Define, create and execute of control framework.
It is key also have experienced in documenting security procedures, policies, and standards.Perform assessments and conduct compliance and maturity assessments using international standards and best practices from various industries.
Ensure that all risks and non-conformities are actively managed, monitored, documented, and mitigated if possible. That means, support to analyze the root causes of operational exceptions as well as to assist in the development and completion of risk mitigation.
Define and tracking KPIs / KRIs and generating reporting adapted for different levels and stakeholders.Perform controls audits and executing remediation plans not only internally but also third party and partners and support the completion of business unit specific risk / control self-assessments.
Work experience in a professional environment preferred, including : Demonstrated planning and problem-solving skills.
Thorough understanding of market structures, including relevant regulatory compliance requirements (SOC 2 , GDPR, etc.).Demonstrated experience working on activities related to process improvements.
Demonstrated experience translating functional requirements to small activities.Experience organizing and carrying out risk assessment and compliance projects.
Ability to successfully support audits (external and internal), compile evidence, and organize audit responses.Fluent written and verbal communication skills in English.Travel availability.
Preferred qualifications / Personal Characteristics
- Relevant security certification like : CIA, CISA, CRISC, ISO 27001
- Proficient with MS Office, project management, and at least one GRC tool (recommended).
- Familiarity with auditing, monitoring, controlling, and process assessment frameworks.
