22 feb
Clip
Xico
**Who w**e are?
**
Payclip is changing the way payments work in Mexico!
We are empowering people to exchange value directly from a mobile device.
Clip enables anyone to accept card payments, at any time, and anywhere by turning your smartphone or tablet into a card terminal.
We're a well-funded quickly growing FinTech startup.
We are the leaders in our market and are accelerating to extend our lead and move into new markets.
**The Role**:
We are looking for an Information Security Governance Sr.
Manager (ISGM) to be part of this amazing fast-growing Fintech.
- The ISGM is responsible for aligning, establishing, and maintaining a wide information security governance management program,
to ensure that information assets and data are adequately protected.
- Design ,govern, implement, communicate and maintain the process and policies supporting the ISMS system and cyber security program (based on ISO 2700x, NIST CSF), information risk management, cybersecurity, compliance, privacy and continuous improvement processes.
**What will I be doing?
**
- Leads the cyber governance strategy for Information security management system ISO 27001/27002, privacy management systems ISO 27701, and ISO/IEC 27017 for cloud service
- Responsible for managing the information and cyber security documentation repository platform and process.
- Ensures that international, national, and local Information Security and Privacy regulations,standars are being followed.
- Responsible for engaging cross-functional leaders across the enterprise, including Technology, Architecture, Internal Audit, Privacy, Information Security, Finance, Human Resources, and different lines of business to design and implement Security governance and data security program
- Create and deliver Information Security awareness, learning & development, using techniques and methodologies for educating the employees using different channels and methods, technologies, and advice on security issues, best practices, and tips.
- Owns the process for the development evaluation and maintenance of Security policies, standards & procedures, and data lifecycle practices.
- Identifying gaps in Information and cyber security policy design and coordinating with internal areas the remediation plans to design, document, implement, and improvement of the information security policies and procedures.
- Define, develop,
track the implementation of the Cybersecurity framework and continuously measure the maturity level of controls against NIST Cybersecurity Framework (CSF)
- Ensure the implementation of appropriate policies, standards, and procedures to reduce the risk of loss of confidential or regulated data(PII, PCI, Financial,etc ),definition of the data governance strategy in connection with the data valorization initiative
- Develop and enforce security policies and procedures related to data protection (PKI, Encryption, Privacy, Access Control, DLP), responsible for managing the Data Governance Assessments.
- Provide guidance and share knowledge with team members and participate in performing procedures, especially focusing on complex, judgemental, and/or specialized data protection and privacy issues, or cyber transformation and strategic engagements.
**Technical knowledge**:
- Professional certification: ISO 27001,
CISM, CIPP/E/T, CISSP, CSA, or equivalent is preferred, Strong knowledge of NIST CSF is highly desired.
- Significant knowledge and experience with security, privacy, and regulatory compliance standards such as SOX, PCI-DSS, HIPAA, SOC 1/SOC 2 (SSAE18), ISO 27001, ISO 27701, ISO 27017, ITGC
- Experience with IT, security information governance, risk, and compliance management frameworks and tools
- Experience writing policies, procedures, and controls in one or more standards/frameworks.
- Experience in various cybersecurity areas such as: Identity and Access Management, Threat Intelligence, Vulnerability Management, Information Risk and Governance, Security Architecture, Monitoring, Incident Response, Security Strategy, and Cyber - Resiliency,
ability to effectively persuade and explain IT and Information Security matters to non-technical stakeholders, configuring and maintaining GRC process well documented and updated into the defined GRC platform
- Strong written and verbal communication skills for report writing, information security governance process mapping, technical policies, and security methodology documentation.
- Experience implementing information security governance and management systems for Data security and privacy regulations (GDPR, CCPA, HIPPA, and Mexican privacy law.)
- Identify information security governance opportunities and evaluate the Security and privacy impacts on different products and services
- Experience in defining, designing,
implementing, and managing privacy and data security requirements and policies
- Developing information security awareness and training materials, and evaluating the education program.
- Experience in FinT
Muestra tus habilidades a la empresa, rellenar el formulario y deja un toque personal en la carta, ayudará el reclutador en la elección del candidato.