IC2 IT Security Analyst - DevSecOps

Job: IC2 IT Security Analyst - DevSecOps 

Job Family: Technology > Sub-family: Cybersecurity 

Reports to (role): IT Security Lead - DevSecOps 

Objective of the Role 

Objective of the Role: As an IC2 IT Security Analyst - DevSecOps, you will be responsible for supporting the integration of security into the DevOps processes within our fintech product development team. This role involves assisting in the secure development, deployment, and operation of our applications and infrastructure. You will collaborate with development, operations, and security teams to ensure security automation and continuous improvement. 

Main Responsibilities 

1. Ensure that applicable security standards, policies, and procedures are implemented in new business products or developments. 
2. Define security requirements based on applicable standards for the business. 
3. Develop, implement, and improve operational security processes to ensure products and business align with mandatory cybersecurity requirements. 
4. Update audit programs and periodic reviews of applicable authorities and standards such as CNBV, PCI DSS, BANXICO, LFPDPPP, etc. 
5. Manage security audit requirements with operational areas and handle remediation plans for resulting findings. 
6. Manage information security risks through annual or project-based risk analyses, defining risk treatment plans. 
7. Evaluate new acquisitions and projects to identify third-party risks. 
8. Support the continuous improvement and compliance of the Information Security Management System, evaluating its performance based on risk indicators and KPIs. 
9. Execute control strengthening exercises based on requirements, best practices, or findings. 
10. Actively participate in compliance committees and cross-functional adherence initiatives based on business needs. 
11. Ensure and support the business continuity strategy in the business units. 
12. Participate in security awareness education and training for employees within the business unit. 
13. Serve as a Culture Ambassador to foster and maintain a positive, inclusive, and dynamic work environment that aligns with the company's values and culture. 
14. Create and maintain detailed documentation of support processes, procedures, and incident resolutions. 
15. Conduct root cause analysis for major incidents and implement corrective actions. 
16. Actively create an autonomous work culture and collaborate in an agile and lean environment. 
17. Promote a culture of diversity, equity, and inclusion within the IT support team. 

Required Knowledge and Experience 

1. Bachelor's degree in Computer Science, Information Technology, or a related field. 
2. 1 to 3 years of experience in similar positions. 
3. Knowledge of, interpretation, and application of banking regulations, applicable standards, and best security practices. 
4. Knowledge of security and risk standards such as PCI DSS, ISO/IEC 27001, ISO 31000, ISO/IEC 27005. 
5. Knowledge of continuity standards such as ISO 22301. 
6. Technical knowledge of the functioning of security controls and layers. 
7. Intermediate level of English proficiency. 

Spin está comprometida con un lugar de trabajo diverso e inclusivo. 
Somos un empleador que ofrece igualdad de oportunidades y no discrimina por motivos de raza, origen nacional, género, identidad de género, orientación sexual, discapacidad, edad u otra condición legalmente protegida. 
Si desea solicitar una adaptación, notifique a su Reclutador.