IT Compliance Analyst

Location: Bogota, Colombia

Telesign connects, protects and proactively defends companies, customers and the digital interactions between them. With powerful AI that delivers identity with speed, accuracy and global reach, we enable Continuous Trust. Empowering companies to transact, communicate and engage with their customers free of fear, Continuous Trust makes the promise of the digital economy possible. 

We are seeking an experienced and diligent Security and Compliance Analyst to join our team. The successful candidate will be responsible for overseeing all aspects of information security within the organization, ensuring compliance with industry standards and best practices. The Security and Compliance Analyst will report directly to the Risk and Compliance Manager and collaborate closely with various departments to implement and maintain effective security and compliance measures.

Responsibilities:

• Execute internal and external audit engagements to ensure compliance with ISO27001, SOC2, HIPAA, and PCI standards. Coordinate with relevant teams to collect evidence, address any identified gaps or issues promptly.
• Regularly assess and report on information security risks to the Manager – Governance, Risk and Compliance (GRC). Conduct quarterly management review meetings to discuss risk mitigation strategies and progress.
• Analyze results from vulnerability management scans and penetration tests. Provide comprehensive reports on identified vulnerabilities and risks. Communicate findings to the security committee and recommend appropriate remediation actions.
• Develop and implement robust security policies, procedures, and controls aligned with industry standards and regulatory requirements. Ensure ongoing compliance and adherence to established policies across the organization.
• Develop and maintain incident response plans and procedures. Lead incident response efforts in the event of security breaches or incidents, ensuring timely resolution and appropriate follow-up actions.
• Develop and deliver security awareness training programs for employees to enhance understanding and compliance with security policies and practices.
• Evaluate and recommend security tools and technologies to enhance the organization's security posture. Oversee the implementation and integration of selected security solutions.
• Collaborate with procurement and vendor management teams to conduct security assessments of third-party vendors and service providers. Ensure that vendors meet the organization's security requirements and standards.
• Keep abreast of the evolving threat landscape, legal and regulatory requirements, and customer contractual obligations. Implement proactive measures to address emerging security challenges effectively.

Qualifications:

• Bachelor's degree in Information Security, Computer Science, or related field (Master's degree preferred).
• Professional certifications such as CISSP, CISM, or CISA highly desirable.
• Minimum of 5-7 years of experience in information security management roles.
• In-depth knowledge of ISO27001, SOC2, HIPAA, PCI, and other relevant standards and regulations.
• Experience in conducting audit engagements and managing compliance initiatives.
• Strong analytical skills with the ability to assess complex security issues and risks.
• Excellent communication and interpersonal skills, with the ability to interact effectively with stakeholders at all levels.
• Proven track record of successfully implementing and managing security programs and initiatives.
• Experience with security tools and technologies, such as vulnerability scanners, SIEM, and GRC solutions and tools.
• Ability to work independently and collaboratively in a dynamic environment.
• Potentially to become hybrid next year, availability to go to the office once a week if necessary.

About Telesign:

Telesign connects, protects, and defends the customer experience with intelligence from billions of digital interactions and mobile signals. Through developer-friendly APIs that deliver user verification, digital identity, and omnichannel communications, we help the world's largest brands secure onboarding, maintain account integrity, prevent fraud, and streamline omnichannel engagement.

Telesign is proud to be an equal opportunity employer. We believe our differences help us create a better workplace, a better product, and a better community. We do not discriminate on the basis of race, color, ancestry, religion, national origin, marital status, pregnancy, sex, sexual orientation, gender, gender identity or expression, age, genetic information, disability, military or veteran status, or any other basis protected by federal, state or local law, ordinance or regulation.

Telesign is an Affirmative Action Employer and as part of the commitment to AAP, it will seek to ensure affirmative action to provide equality of opportunity in all aspects of employment, and that all personnel activities, such as the recruitment selection, training, compensation, benefits, discipline, promotion, transfer, layoff and termination processes remain free of illegal discrimination and harassment based on protected characteristics.

Telesign does not accept unsolicited resumes from individual recruiters or third party recruiting agencies in response to job postings. No fee will be paid to third parties who submit unsolicited candidates directly to our hiring managers or HR team.

NOTICE TO ALL POTENTIAL JOB CANDIDATES

We recently have become aware of individuals, unaffiliated with Telesign Corporation, who have been sending out fake employment offers using a name similar to ours, in an apparent attempt to defraud would-be job candidates. In a recent example, a scam email was sent from the @outlook.com domain. All emails sent on behalf of Telesign will come from email addresses ending in @telesign.com.

Please be advised that Telesign Corporation does not solicit candidates for employment via email - nor do we require or ask for fees or payments during any phase of the recruitment or hiring process. If any person solicits financial information, fees, or payments from you as part of the "recruitment process" or as part of a purported employment offer, you should assume that the communication is not from Telesign Corporation and is not sanctioned or approved by our Company.

If you have received one these offers or believe you have been the victim of fraudulent activity via the internet, we would appreciate you filing a complaint with the Internet Crime Complaint Center at the link below:

http://www.ic3.gov/default.aspx

#LI-Remote