Cyber Security Risk Specialist

Cyber Security Risk Specialist

​Legal & Administrative Services​

Puerto Rico 

General Responsibilities

• Identificar, evaluar y monitorear riesgos tecnológicos y de seguridad de la información. • Mantener actualizado el inventario de riesgos, controles y planes de tratamiento. • Apoyar auditorías internas y externas, y coordinar acciones correctivas. • Elaborar y mantener políticas, procedimientos y estándares de seguridad y cumplimiento. • Generar reportes ejecutivos sobre el estado de riesgos, cumplimiento y controles. • Monitorear y evaluar continuamente la postura de seguridad en entornos cloud (AWS, Azure, GCP). • Identificar configuraciones inseguras, brechas de cumplimiento y desviaciones de políticas en la nube. • Utilizar herramientas de CSPM (como Tenable Cloud Security, Microsoft Defender for Cloud, etc.) para automatizar la detección y remediación de riesgos. • Colaborar con equipos de infraestructura y desarrollo para implementar controles de seguridad en arquitecturas cloud. • Asegurar el cumplimiento de marcos como CIS Benchmarks, ISO 27017, NIST CSF, y regulaciones en entornos de nube. • Participar en revisiones de arquitectura y evaluaciones de riesgos de nuevos servicios de nube. 

Performs duties through methods and actions that are consistently ethical and in total compliance with the laws, applicable regulations, Code of Ethics, corporate policies and guidelines and rules of conduct. Completes corporate trainings and certifications intended for the detection and prevention of money laundering related activities and fraud, insider training and conflict of interest policies and procedures, as applicable.

Education and Experience Required

Educación: Profesional en Ingeniería de Sistemas, Seguridad Informática Experiencia: 2-5 años de experiencia en gestión de riesgos, cumplimiento o seguridad de la información y cloud. Certificaciones deseables: CISA, CISM, CRISC, CISSP, CCSP, ISO 27001 Lead Implementer/Auditor, AWS/Azure/GCP Security. 

Knowledge and Skills Required

1 - Conocimientos Técnicos: Conocimiento de marcos y normativas como ISO 27001, NIST, SOX, PCI-DSS, entre otros. 2 - Manejo de herramientas GRC (como AuditBoard, etc.) es deseable. 3 - Conocimiento en Cloud AWS, Azure or Oracle 

Additional Information

Lunes a Viernes 8am-5pm 

Available to work extended hours, weekends and/or holidays as needed and the availability to travel as required supporting projects in the region. 

“Evertec Group, LLC is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, gender, pregnancy, marriage, sexual orientation, gender identity, national origin, age, genetic information or condition, political affiliation, religious ideology, being a victim or perceived victim of domestic violence, sexual assault, or harassment, serving or having served in the Armed Forces of the United States, disability status, or any other protected category by Puerto Rico or US Federal law. EEO is the Law Poster. If you are an individual with a disability, a disabled veteran, or a wounded warrior and you are unable or limited in your ability to access or use this site as a result of your disability, please contact the People & Culture Department in advance at (787) 759-9999 or send an email to talentacquisition@evertecinc.com in order to accommodate your special needs. Evertec is an employer with E-Verify to verify the eligibility for employment of all the new employees. Participation Poster. Drug-free company. Equal Employment Opportunity/ Affirmative Action for Women/Veterans/People with Disabilities.”