Cyber Security Sr. Specialist

IS Audit Management COE COL

Colombia - Medellin

Responsabilidades Generales

• Assess, evaluate, and make recommendations regarding the adequacy of the security/ IT controls for Evertec's environment and business objectives.
• Advise and develop policies, procedures, and processes based on audit findings and/ or compliance framework requirements.
• Crosswalk controls across multiple security compliance frameworks and regulation to foster adoption and identify gaps.
• Advise and develop security standards, guidelines, and controls based on best practices and compliance frameworks
• Translate security analyses, audit results, and compliance guidance into plain English that is understandable and actionable
• Analyze and suggest improvements for security/ IT controls in both design and operation effectiveness
• Develop risk registers, ideally aligned to controls, and execute basic risk assessment and management practices
• Perform assessments (risk and/or compliance) to develop a baseline for creating or expanding a security program
• Develop plans and tracking for non-compliance with applicable controls, and monitoring remediation progress against agreed upon timelines
• Work with GRC tools
• Evaluate new and existing technologies for compliance with information governance controls (e.g., access, authentication, encryption, logging, retention) 

Educación y Experiencia Requerida

• Bachelor's degree (B. A.) in cybersecurity, information systems or related fields.
• Four (4) to five (5) of progressive experience in cybersecurity, audit, risk, compliance, or GRC roles.
• No certificates or licenses needed but CISA, CISM, CRISC or CISSP certifications are a plus.

#LI-DNI
• Expertise in common security and privacy frameworks and regulations (e.g., ISO, NIST, CIS, SOC 1, SOC 2, PCI DSS).
• In-depth understanding of audit processes and requirements, with experience leading and guiding audit initiatives to successful completion.
• Technical skills: Excel, Word, PowerPoint, GRC tools, quick learner of new technologies in general. 

Conocimiento y Destrezas Requeridas

• Proven ability to manage and execute numerous parallel activities in a fast-paced, dynamic team environment
• Strong organizational skills with demonstrated prioritization and decision-making skills to not miss deadlines or drop assignments
• Strong written and verbal skills in English and Spanish, including a demonstrated ability to translate complex or technical information into concepts that are easily understood and actionable
• Knowledge of fundamental security/ IT concepts (e.g., retention, data classification, access control, third party risk)
• Demonstrated critical thinking skills, but also able to follow instructions to meet the team's overall objective
• Technical aptitude to be able to learn new technologies quickly with little instruction
• Strong attention to detail and high commitment to quality
• Good attitude and courtesy to work with a smaller, fast-paced team
• Efficiency, always looking for ways to gain efficiency and maximize time spent
• Able to operate with a high degree of independence executing with excellent follow-through for assigned tasks, but also knowing when to stop, ask questions, and seek input from the team or management
• Passionate about cybersecurity, governance, risk, and compliance, to make our environment more secure and healthy
• Not afraid to roll your sleeves up, learn what's needed to learn, get done what needs to get done
• Reliability, discretion, and confidentiality 

Información Adicional

Lunes a Jueves de 8am a 6pm, Viernes de 8am a 5pm

Evertec Group, LLC es un Patrono con Igualdad de Oportunidades de Empleo