Sr Cyber Risk and Assurance Specialist

Working as part of the Regional Information Security Office within the IT department, the Sr Cyber Risk and Assurance Specialist will be responsible for support the day-to-day IT Security Governance, Risk and Compliance management functions. The role will include primary responsibility for managing IT and organizational policies and standards in support of legal and regulatory compliance needs as well as general IT and organizational information security practices.

Key Responsibilities

Collaborate to define IT security standards and develop supporting organizational policies.
Support IT security compliance assessments on new and existing systems, processes, technology.
Support vendor due-diligence process and help to lead and define overall third party risk management efforts.
Work with various business units to ensure controls are adequate, appropriate, and effective.
Support internal and external audit process for relevant IT Security concerns including PCI-DSS, SOX.
Perform business impact analysis and assist with development of IT/InfoSec risk register.
Interface with global IT and business partners to provide guidance and support about the IT Security landscape.
Perform periodic gap assessments to validate compliance on an ongoing basis.
Stay up to date and informed on developing regulatory concerns and changing regional IT and information security risk trends.
Proactively look for, documents and escalate cyber security risks in the region as appropriate.
 

• Bachelor’s degree in Computer science, Information Technology, Cyber Security, Network/Telecommunications engineering, Electronic/Electric engineering or similar.
• Knowledge of project management methodologies such as Agile and/or PMBOK.
• Security risk management methodologies (Octave, ISO27005, NIST 800-30 / NIST RMF or similar)
• Certified Information Systems Security Professional (CISSP), CISM and/or equivalent. (Desired).
• 5 years of experience in: 
• - Assessing compliance, and/or supporting the adoption/implementation of:
• - Security standards and best practices (ISO27001/2, NIST CSF/ NIST 800-53, CIS CSC, CMMC, or equivalent)
• - Cloud security standards and best practices (CSA CCM)
• - Privacy standards (GDPR, NYPA/NYS PPPL, ISO 27701/27018, Brazil LFPD, Habeas Data frameworks, or similar)
• Excellent takeholder management skills, including technical members of staff and senior executives.
• Knowledge of project lifecycles, with understanding of CI/CD.
• Knowledge of threat modeling and risk assessments methodologies.
• Proven ability to follow incident management processes, managing stakeholders.
• Extensive understanding of IT technologies such as networking, servers, IOT etc.
• Experience interpreting and applying information security standards and frameworks.
• Experience with Risk assessment standards such as: Octave, NIST 800-53, ISO27005.
• Knowledge of cloud security technology, with proven ability to apply knowledge to use case (desired).
• Knowledge of SDLC methodologies, with proven ability to apply knowledge to use case (desired).
• Experience in defensive/offensive security is a plus.

Spanish – native, 

English – Full bilingual.

Portuguese - a plus