Information Security Risk Assessor - [FAX783]

10 Feb | Nearshore Cyber | Monterrey

**Location: Monterrey or Matamoros, Mexico**

**Applications from persons not living in Mexico will NOT be accepted.**

Information Security Risk Assessors report continuously on the state of risk, providing visibility and helping business leaders and risk managers understand where risk resides and where improvements must be made to protect the business.
Such reporting includes adherence to regulations and industry guidelines, as well as corporate risk acceptance.
The cybersecurity risk assessor focuses on third-party risk, as well as risks within internal and business-controlled areas of security, technology, and business processes.
Information Security Risk Assessors partner with audit, compliance, and legal as needed.




**Essential Job Duties**
- Serve on a distributed risk team responsible for reviewing and documenting where security and technology controls are adequate, as well as areas requiring improvement and where risk is too high.
- Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks, and technical controls.
- Work closely with risk management and security leadership, teammates, and stakeholders to evaluate and recommend models aligning with organizational risk posture.
- Identify strengths and weaknesses in the program as they relate to privacy, security, business resiliency, and compliance frameworks.
- Document, formulate and enforce security improvements that balance risk with business operations, and do not diminish efficiencies or innovation.
- Attend change and project management meetings to understand and proactively strengthen controls to avoid unnecessary risk across lines of business.
- Support company risk posture through development of controls and processes used in test, quality assurance and production environments from conception to completion.
- Analyze workflows, design documents and procedures to identify gaps in risk posture and risk acceptability based on controls.
- Create and present risk posture discovery and recommendation reports to leadership.
- Review technical reports from vulnerability and penetration testing assessments, and results from tabletop exercises.
- Monitor plans of action and milestones for risk remediation requirements from internal and external security assessments, vulnerability reports, audit findings and security gaps.
- Remain educated on regulatory requirements, internal policies, and industry best practices.
- Liaise with technical and business teams on business continuity and disaster recovery requirements.
- Provide strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities.
- Frequently interact with business units to understand their plans, risk posture and tolerance, and how to support their vision and business obligations with security and risk in mind.
- Openly support the organization, the management team, and executive leadership team, even during times of adversity.
- Perform other duties as assigned.
**Skills and Experience**
- Preferably 3-5+ years of experience in security systems administration, with 2+ years of risk management experience.
- Ideally familiar with one or more regulatory requirements and laws such as, but not limited to, SOX, HIPAA, GDPR, and GLBA. Additionally, experience in one or more: ISO 17799, ITIL and NIST.
- General understanding of the Factor Analysis of Information Risk (FAIR) methodology.
- Track record of taking pride in work, seeking to excel, and being curious and flexible.
- Strong written and oral communication skills across varying levels of the organization.
- Understanding of service design, delivery concepts and control frameworks.
- Organized, with the ability to prioritize and complete tasks within defined SLAs.
- Excellent judgment and ability to make quick decisions when working with complex situations.
- High degree of integrity, trustworthiness, and confidence; represents the company and its management team with the highest level of professionalism.
**Education Requirements**
- Bachelor's degree or equivalent industry experience in information assurance, computer science, engineering, or related field.
**Certification Requirements**
- CRISC, CISSP, CISA, CGEIT, GCCC, GSEC, GISP, or other relevant certifications preferable but not required.

The original posting can be found on Kit Empleo:
https://www.kitempleo.com.mx/empleo/139684814/information-security-risk-assessor-fax783-monterrey/?utm_source=html
