Cybersecurity GRC Analyst - Freelance - Mexico City

This opportunity is part of a cybersecurity labor market research project. By submitting your information, youll not only contribute to shaping industry insights but also ensure we can match you with job and contract opportunities as they arise. Participants will receive free access to our research findings, including the next edition of Nearshore Cyber Quarterly, a comprehensive summary and analysis of the Latin American cybersecurity job market.

Esta oportunidad forma parte de un proyecto de investigación sobre el mercado laboral en ciberseguridad. Al enviar tu información, no solo contribuirás a generar valiosos conocimientos para la industria, sino que también te ayudaremos a conectar con oportunidades laborales y de contrato a medida que surjan. Los participantes recibirán acceso gratuito a los resultados de nuestra investigación, incluyendo la próxima edición de Nearshore Cyber Quarterly, un resumen y análisis completo del mercado laboral de ciberseguridad en América Latina.

Job Description:

A Cybersecurity Governance, Risk, and Compliance (GRC) Analyst is responsible for ensuring that an organization's information security program aligns with business objectives, regulatory requirements, and industry standards. They work to identify, assess, and mitigate security risks while ensuring compliance with relevant laws and regulations. This role involves developing and implementing security policies, conducting risk assessments, and managing the organization's overall security posture.

Skills and Experience:

- Strong understanding of information security principles and best practices

- In-depth knowledge of regulatory frameworks and compliance standards (e.g., GDPR, HIPAA, PCI DSS, SOX)

- Experience with risk assessment methodologies and frameworks (e.g., NIST, ISO 27001, COBIT)

- Familiarity with GRC tools and platforms

- Understanding of cybersecurity controls and their implementation

- Knowledge of data privacy laws and regulations

- Experience in developing and maintaining security policies and procedures

- Ability to conduct security audits and assessments

- Strong analytical and problem-solving skills

- Excellent communication skills for presenting to both technical and non-technical audiences

- Experience with vendor risk management processes

- Understanding of business continuity and disaster recovery principles

Language Requirement:

Strong English language abilities at a minimum of EFSET C1 level

Required Certifications:

- CISA (Certified Information Systems Auditor)

- CRISC (Certified in Risk and Information Systems Control)

Optional Certifications:

- CISSP (Certified Information Systems Security Professional)

- CISM (Certified Information Security Manager)

- CGEIT (Certified in the Governance of Enterprise IT)

- CompTIA Security+

- CCSK (Certificate of Cloud Security Knowledge)

- ISO 27001 Lead Implementer or Lead Auditor