Cyber Security Sr. Specialist

Cyber Security Sr. Specialist

IS Audit Management COE COL

Colombia - Medellin

Responsabilidades Generales

• Assess, evaluate, and make recommendations regarding the adequacy of the security/ IT controls for Evertec's environment and business objectives. • Advise and develop policies, procedures, and processes based on audit findings and/ or compliance framework requirements. • Crosswalk controls across multiple security compliance frameworks and regulation to foster adoption and identify gaps. • Advise and develop security standards, guidelines, and controls based on best practices and compliance frameworks • Translate security analyses, audit results, and compliance guidance into plain English that is understandable and actionable • Analyze and suggest improvements for security/ IT controls in both design and operation effectiveness • Develop risk registers, ideally aligned to controls, and execute basic risk assessment and management practices • Perform assessments (risk and/or compliance) to develop a baseline for creating or expanding a security program • Develop plans and tracking for non-compliance with applicable controls, and monitoring remediation progress against agreed upon timelines • Work with GRC tools • Evaluate new and existing technologies for compliance with information governance controls (e.g., access, authentication, encryption, logging, retention) 

Educación y Experiencia Requerida

• Bachelor's degree (B. A.) in cybersecurity, information systems or related fields. • Four (4) to five (5) of progressive experience in cybersecurity, audit, risk, compliance, or GRC roles. • No certificates or licenses needed but CISA, CISM, CRISC or CISSP certifications are a plus. • Expertise in common security and privacy frameworks and regulations (e.g., ISO, NIST, CIS, SOC 1, SOC 2, PCI DSS). • In-depth understanding of audit processes and requirements, with experience leading and guiding audit initiatives to successful completion. • Technical skills: Excel, Word, PowerPoint, GRC tools, quick learner of new technologies in general. 

Conocimiento y Destrezas Requeridas

• Proven ability to manage and execute numerous parallel activities in a fast-paced, dynamic team environment • Strong organizational skills with demonstrated prioritization and decision-making skills to not miss deadlines or drop assignments • Strong written and verbal skills in English and Spanish, including a demonstrated ability to translate complex or technical information into concepts that are easily understood and actionable • Knowledge of fundamental security/ IT concepts (e.g., retention, data classification, access control, third party risk) • Demonstrated critical thinking skills, but also able to follow instructions to meet the team's overall objective • Technical aptitude to be able to learn new technologies quickly with little instruction • Strong attention to detail and high commitment to quality • Good attitude and courtesy to work with a smaller, fast-paced team • Efficiency, always looking for ways to gain efficiency and maximize time spent • Able to operate with a high degree of independence executing with excellent follow-through for assigned tasks, but also knowing when to stop, ask questions, and seek input from the team or management • Passionate about cybersecurity, governance, risk, and compliance, to make our environment more secure and healthy • Not afraid to roll your sleeves up, learn what's needed to learn, get done what needs to get done • Reliability, discretion, and confidentiality 

Información Adicional

Lunes a Viernes de 8am a 6pm

Se requiere disponibilidad para trabajar horario extendido, fines de semana y/o feriados y disponibilidad para viajar según sea necesario.

Evertec Group, LLC es un Patrono con Igualdad de Oportunidades de Empleo