Information Security Specialist Colombia
The Information Security team is a strategic, organization-wide function responsible for safeguarding the confidentiality, integrity, and availability of all information assets, systems, and technologies. It establishes, manages, and enforces the comprehensive Information Security Program (ISP), covering risks related to technology, vendors, data handling, and regulatory compliance (including Colombian financial regulations and PCI DSS). The team provides expertise in critical security domains (e.g., Network, Application, and Physical Security), manages incident response, and supports BCP. Its core objective is to maintain a secure environment that supports business goals and proactively mitigates internal and external threats.
Challenges that await you:
- Lead the information security assessment and continuous monitoring of all third-party service providers, contractors, and vendors.
- Ensure service provider contracts contain adequate security clauses and monitor their adherence to established security policies and contractual requirements.
- Oversee security practices and access controls for internal and external contractors working on company systems or premises.
- Support the implementation, configuration, and maintenance of technical and administrative security controls as mandated by the Information Security Program (ISP).
- Ensure technical and administrative controls for information security are effective and aligned with industry best practices.
- Directly manage and coordinate all activities related to the implementation and maintenance of the Payment Card Industry Data Security Standard (PCI DSS), ensuring ongoing compliance for relevant environments.
- Continuously monitor, interpret, and ensure organizational adherence to all relevant Colombian Financial Sector Regulations pertaining to information security and data protection (e.g., those issued by the Superintendencia Financiera de Colombia).
- Coordinate and support internal and external audits related to local and international regulations, managing resulting remediation plans.
- Generate comprehensive compliance reports for management and regulatory bodies.
- Coordinate the security-related aspects of the Business Continuity Plan (BCP) and Disaster Recovery (DR) efforts, participating in testing and validation.
- Coordinate internal security training and awareness campaigns.
- Support Physical Security activities related to IT assets, data centers, and secure access areas.
What makes you a great fit:
- 6+ years of proven experience as an analyst in cybersecurity and/or information security within the Colombian financial sector.
- Professional working proficiency in both Spanish and English (written and verbal).
- Experience coordinating internal and external audits of the Information Security Management System (ISMS).
- Ability to simultaneously manage multiple complex compliance and security initiatives.
- Hands-on experience in PCI DSS implementation and information security compliance.
- Proven ability in contractor oversight and in managing third-party information security risk.
- Experience acting as a security advisor to Internal IT Support teams, ensuring operational security alignment.
Our ways of working:
- Innovative Spirit: a commitment to creativity and groundbreaking solutions.
- Honest Feedback: valuing open, transparent communication.
- Supportive Team: a strong, collaborative community.
- Celebrating Achievements: recognizing our wins together.
- High-Tech Environment: a team full of smart and revolutionary people who dare to challenge the status quo of incumbent finances.