The role will ensure all information assets of the product are kept confidential, preserve integrity and are available on request. Ensure all IT systems follow internal and external IT compliance regulations. Report status of information security to executive management (executive board, CEO, Supervisory Board).
- Develop information security strategy and policies ("Plan Director de Seguridad") in alignment with business goals and ensure confidentiality, integrity, availability, safety and privacy of assets.
- Investigate information breaches and take remedial actions.
- Ensure processes are in place to deal with cyber security and related incidents.
- Ensure compliance with internal and external requirements for information security.
- Define and verify (at least annually) access profiles of users of the technological infrastructure.
- Identify and prevent misuse of technological infrastructure by users.
- Implement controls that preserve the integrity and confidentiality of the information.
- Design measures for the adequate recovery of information.
- Analysis of cyber security incidents and proposal of counter measures.
- Develop, implement, monitor, improve and document a consistent IT security framework.
- Consults and supports investigation of security incidents.
- Manage information security alerts communicated by the CNBV, other authorities, or internal teams, as well as Information Security Incidents.
- Develop and implement policies and procedures to classify information and its appropriate treatment, based on the risk involved for information security.
- Ensure the implementation of regulatory observations regarding information security.
- Develop and coordinate information security related training and awareness programs for all employees.
Important decisions of the role:
- Escalate information security breaches to management and authorities.
- Sign-off on the information security plan for the product processes.
- Sign-off on systems required to preserve information integrity.
- Validate access profile for users of tech infrastructure.
- Approve measures defined to correct deficiencies detected.
- Ensuring customer and company information is secure.
- Developing a comprehensive information security strategy and policies.
- Defining recovery plan after an information security incident.
- Monitoring the implementation of defined information security initiatives.
- Ensuring IT systems are in compliance with the standards and authorities requirements.
- Bachelor’s degree (MBA preferred).
- Minimum of 3 years experience in Information Security.
- Experience managing teams.
- Excellent written and verbal communication skills.
- Excellent teamwork skills.