Information Security GRC Specialist at Bitso

México | Full-time | GRC | Posted 3 months ago

About the Role

<div class="content-intro"><h3 class="p1"><span class="s1">Working At Bitso</span></h3> <p class="p1"><span class="s1" style="font-size: 12pt;">We are a diverse team that takes pride in understanding the perspectives of others. We fully embrace working remotely and we are eager to act, improve and accelerate progress inside and outside of our organization.</span></p> <p class="p1"><span class="s1" style="font-size: 12pt;">To drive revolutionary changes in society and make crypto useful, we delight our customers with world-class products, deep care, and intentional empathy.</span></p></div><p><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>Your Purpose </strong></span></p> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">As our Information Security GRC Specialist, you will be an integral part of the Information Security Governance, Risk, and Compliance team. Your role is essential to ensure that company security policies, technical standards, and procedures are&nbsp;<strong>implemented, maintained, and continuously improved</strong>, while overseeing <strong>security risk management and compliance with applicable security standards and regulations</strong>. 
Additionally, you will be responsible for coordinating and supporting external/internal security assessments.</span></p> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">As part of the information security governance, risk, and compliance team, you will:</span></p> <ul> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Use holistic approaches interconnecting governance, risk, and compliance through project management and the application of industry best practices, standards, and regulations.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Connect information security with other involved teams.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Drive alignment of all lines of business with the defined information security culture and governance model.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Use Agile approaches in your projects.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Focus on proactivity, quality, and excellence in your results.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Explore strategies and solutions for effective Governance, Risk, and Compliance (GRC) engineering in the organization.</span></li> </ul> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Beyond our team, you will collaborate closely with:</span></p> <ul> <li style="font-family: helvetica, 
arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Organizational risk, compliance, and regulatory internal and external teams to ensure proper adherence to information security compliance processes.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Technical groups to assist in implementing technical standards, controls, and configurations aligned with security policies, legal requirements, and audit standards.</span></li> </ul> <p>&nbsp;</p> <p><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>Reports To<br></strong></span><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Information Security Program Manager</span><br><br></p> <p><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>Who You Are&nbsp;</strong></span></p> <ul> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><strong>Proven English proficiency</strong>. You are comfortable presenting to English-speaking audiences and creating deliverables in that language. 
You are able to maintain a fluid conversation in English.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><strong>Minimum of 5 years of experience in</strong> <strong>Information Security GRC </strong>roles.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">At least&nbsp;<strong>3 years of experience leading or coordinating</strong> internal compliance assessments, internal audits, or acting as a strategic consultant with a focus on maturity assessments.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">At least 3 years of experience working with&nbsp;<strong>Mexican regulatory, cybersecurity, and information security requirements applicable to fintech or regulated financial entities</strong>.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You have <strong>expert knowledge of information security frameworks</strong> and best practices (e.g., ISO/IEC 27000 series, COBIT, NIST SP 800-xx, NIST CSF, and CIS).</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You have working knowledge in scripting to read and modify simple scripts, understand JSON and YAML configuration files, use command-line tools and write basic automation tools.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You have working knowledge of data analysis to extract relevant information from logs and identify trends and patterns, to turn technical data into 
business insights.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You have <strong>proficiency in IT audit, compliance, and maturity assessments</strong>.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You hold a Certified Information Systems Auditor (CISA) certification <strong>or equivalent credentials with a strong focus on IT audit, assurance, or information security governance</strong>.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You hold an <strong>AWS Certified Cloud Practitioner</strong> certification or have working knowledge of AWS Cloud Infrastructure.&nbsp;</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You possess a <strong>competent understanding of the risk management</strong> process, with emphasis on risk treatment, monitoring, and control assessment phases.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You possess <strong>strong communication skills</strong>. These are crucial as the role involves <strong>coordinating</strong> with internal teams, external auditors, and various technical and non-technical groups. Being able to effectively communicate findings, recommendations, and remediation strategies to different levels of stakeholders is key.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You are <strong>detail-oriented</strong>. 
Given the role's responsibilities in monitoring compliance, identifying gaps, and managing security controls, attention to detail is vital. You should be meticulous in your work to ensure that effective compliance and security measures are in place.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You are an <strong>agile and avid learner</strong>. Information security is a rapidly evolving field, so you have a willingness to continuously learn and stay updated on the latest trends, threats, and best practices in the industry. Keeping up-to-date will help in effectively implementing security measures.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">You are <strong>passionate about information security,</strong> and you can see beyond the technology and controls. You find confluence points and create synergies. 
You believe in teamwork, and you believe that by empowering an organization to protect itself, you are on the side of a noble and much-needed cause.</span></li> </ul> <p><span style="font-size: 14pt;"><strong><span style="font-family: helvetica, arial, sans-serif;"><br>Nice-to-have:</span></strong></span></p> <ul> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Minimum 2 years of strategic consulting experience, particularly within <strong>financial institutions</strong>.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Additional certifications such as Certified ISO 27k Lead Auditor, CISSP, or PMP.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Working knowledge of maturity models and frameworks (e.g., CMMI), cloud security best practices, project management (PMI), and Agile methodologies (e.g., Kanban).</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Familiarity with international regulations such as GDPR.</span></li> </ul> <p>&nbsp;</p> <p><span style="font-size: 14pt; font-family: helvetica, arial, sans-serif;"><strong>What You Will Do&nbsp;</strong></span></p> <ul> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Maintain and continuously improve the Information Security GRC Program.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Act as a key liaison with regulatory authorities on information security-related topics.</span></li> <li
style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Support the adoption and consistent implementation of security policies, standards, and procedures across all lines of business.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Assess and validate compliance with applicable regulatory, contractual, and information security requirements.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Conduct regular information security and maturity assessments of Bitso’s information security controls, and follow up on treatment plans across the organization.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Continually validate the organization against the internal information security governance framework to ensure compliance, monitor for non-conformities, and prepare reports and metrics with recommended remediation strategies.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Collaborate on internal and external security audits and proactive technical assessments, and track findings and recommendations for appropriate action.</span></li> <li style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Guide and support non-security engineering teams, liaise with cross-functional stakeholders as needed, and ensure the quality, consistency, and effectiveness of information security programs and projects.</span></li> <li
style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;">Shift from manual compliance assessments to an automated, continuous, and integrated practice, embedding compliance directly into the technical stack.</span></li> </ul> <p>&nbsp;</p> <p><span style="font-family: helvetica, arial, sans-serif; font-size: 12pt;"><em><span style="font-weight: 400;"><a href="https://hbr.org/2022/07/apply-to-a-job-even-if-you-dont-meet-all-criteria">Research</a> in Diversity, Equity, and Inclusion suggests that individuals may hesitate to apply for jobs if they do not meet all the listed criteria. At Bitso, we value diversity and your unique strengths could be just what we're looking for. If this role excites you but you don't match every point in the description, we still want to hear from you.</span></em></span></p> <p class="hashtag"><span style="font-weight: 400; font-size: 12pt; font-family: helvetica, arial, sans-serif;">#LI-Remote</span></p><div class="content-conclusion"><h3 class="p1" style="line-height: 1.4;"><span class="s1" style="font-size: 12pt;">Who We Are</span></h3> <p class="p1" style="line-height: 1.4;"><span class="s1" style="font-size: 12pt;">With over 9 million users, Bitso is the leading cryptocurrency platform in Latin America. We are developing the cryptocurrency ecosystem in the region and enabling financial inclusion. 
We believe crypto is the future of finance, and we’re committed to making it useful by providing equal access to safe and intuitive financial products.</span></p> <p style="line-height: 1.4;"><span style="font-size: 12pt;">When we hire people for our team, we specifically test for the following traits in addition to our cultural values:</span></p> <ul class="ak-ul" data-indent-level="1"> <li style="font-size: 12pt;"> <p data-renderer-start-pos="5354"><span style="font-size: 12pt;"><strong data-renderer-mark="true">Mission-Driven</strong>: We seek individuals who are passionate about crypto and Bitso’s mission and resilient in facing industry challenges.</span></p> </li> <li style="font-size: 12pt;"> <p data-renderer-start-pos="5354"><span style="font-size: 12pt;"><strong data-renderer-mark="true">High Sense of Urgency</strong>: We prioritize candidates who demonstrate a high sense of urgency and responsibility.</span></p> </li> </ul> <ul class="ak-ul" data-indent-level="1"> <li style="font-size: 12pt;"> <p data-renderer-start-pos="5603"><span style="font-size: 12pt;"><strong data-renderer-mark="true">Exceptional Hard Skills</strong>: We seek individuals who possess exceptional skills in their respective fields, with no room for mediocrity.</span></p> </li> <li style="font-size: 12pt;"> <p data-renderer-start-pos="5739"><span style="font-size: 12pt;"><strong data-renderer-mark="true">Self-Management</strong>: We look for individuals who can independently manage their work, career, and professional development.</span></p> </li> </ul> <h3 class="p1" style="line-height: 1.4;"><span class="s1" style="font-size: 12pt;">Compensation &amp; Benefits</span></h3> <p class="p1" style="line-height: 1.4;"><span class="s1" style="font-size: 12pt;">At Bitso, you are taking the front seat on the edge of crypto innovation, creating the next generation of crypto-powered products.</span></p> <p class="p1" style="line-height: 1.4;"><span class="s1" style="font-size: 12pt;">So for those
willing to commit, adapt and pioneer the most important change of the century, we offer:</span></p> <ul class="ul1"> <li class="li1" style="font-size: 12pt;"><span class="s1" style="font-size: 12pt;"><strong>Me Time</strong> program, including unlimited paid time off.</span></li> <li class="li1" style="font-size: 12pt;"><span class="s1" style="font-size: 12pt;"><strong>Remote-first</strong> work environment.</span></li> <li class="li1" style="font-size: 12pt;"><span class="s1" style="font-size: 12pt;"><strong>Employee Stock Option</strong> program.</span></li> <li class="li1" style="font-size: 12pt;"><span class="s1" style="font-size: 12pt;"><strong>Zero trading fees</strong> through our Bitso Alpha app.</span></li> <li class="li1" style="font-size: 12pt;"><span class="s1" style="font-size: 12pt;"><strong>Extended Family Leave</strong> <strong>Policy:</strong> all birthing parents, non-birthing parents and adopting parents are eligible for a 4-month leave.</span></li> <li class="li1" style="font-size: 12pt;"><span class="s1" style="font-size: 12pt;"><strong>Premium health, dental and life insurance</strong> in Mexico, Gibraltar, Colombia, USA, Brazil and Argentina.</span></li> </ul> <p class="p1" style="line-height: 1.4;"><span class="s1" style="font-size: 12pt;">Want to leave an undoubted legacy with us? Fasten your seatbelt and join this spaceship, where you will find exponential growth and the opportunity to thrive!</span></p> <ul class="ul1"> <li class="li1" style="font-size: 12pt; line-height: 1.4;"><span class="s1" style="font-size: 12pt;">These are the applicable requisites, although equivalent competencies in any of the above will also be considered.</span></li> <li class="li1" style="font-size: 12pt; line-height: 1.4;"><span class="s1" style="font-size: 12pt;">To see our Privacy Policy please click <a href="https://bitso.com/terms" target="_blank">here</a>.</span></li> </ul></div>