Information Security Internal Compliance & Regulatory Specialist
Latin America
Bitso
Open a personal or business account and begin using the power of crypto. Thanks to Bitso, over 7 million people own Bitcoin, Ether and Digital Dollars.Working At Bitso
We are a diverse team that takes pride in understanding the perspectives of others. We fully embrace working remotely and we are eager to act, improve and accelerate progress inside and outside of our organization.
To drive revolutionary changes in society and make crypto useful, we delight our customers with world-class products, deep care, and intentional empathy.
Your Purpose
As our Information Security internal and Regulatory Compliance Specialist, you will be an integral part of the Information Security Governance, Risk, and Compliance team. Your role will involve defining, managing, enhancing, and maintaining the information security compliance program, as well as monitoring the effectiveness and maturity of Bitso's information security controls. Your role is essential to ensure company policies, technical standards and procedures are met, as well as support the definition of plans and mitigation activities for any identified gaps. Additionally, you will be responsible for coordinating and supporting external/internal audit and compliance exercises, including technical assessments.
As part of the information security governance, risk, and compliance team you will:
- Use holistic approaches interconnecting governance, risk, and compliance through project management and the application of industry best practices and standards
- Connect information security with other teams
- Ensure that the different lines of business are aligned with the defined security culture
- Use Agile approaches in your projects
- Focus on quality and excellence in your results
Beyond our team, you will collaborate closely with:
- Organizational risk, compliance, and regulatory internal and external teams to ensure proper adherence to information security compliance processes
- Technical groups to assist in implementing technical standards, controls, and configurations aligned with security policies, legal requirements, and audit standards
Reports To
Information Security Engineering Manager
Who You Are
- Proven English fluency.
- You are an information security professional with a minimum of 5 years of experience in information security roles
- You possess at least 3 years of experience leading internal compliance assessments, leading internal audits, or acting as a strategic consultant with a focus on maturity assessments
- You have expert knowledge of information security frameworks and best practices (e.g., ISO 27k, COBIT, NIST 800, CSF, SANS CIS)
- You have proficiency in IT audit, compliance, and maturity assessments
- You are a Certified Information Systems Auditor (CISA) or possess an equivalent certification with a focus on IT audit
- You possess a competent understanding of the risk management process, with emphasis on risk treatment, monitoring, and control assessment phases
- You possess strong communication skills. These are crucial as the role involves coordinating with internal teams, external auditors, and various technical and non-technical groups. Being able to effectively communicate findings, recommendations, and remediation strategies to different levels of stakeholders is key
- You are detail-oriented. Given the role's responsibilities in monitoring compliance, identifying gaps, and managing security controls, attention to detail is vital. You should be meticulous in your work to ensure effective compliance and security measures are in place
- You are an agile and avid learner. Information security is a rapidly evolving field, so you have a willingness to continuously learn and stay updated on the latest trends, threats, and best practices in the industry. Keeping up-to-date will help in effectively implementing security measures
- Proven English proficiency. You are comfortable presenting to English speaking audiences and creating deliverables in that language. You are able to maintain a fluid conversation in English
- Finally, you are passionate about information security and you can see beyond the technology and controls. You find confluence points and create synergies. You believe in teamwork and you believe that by empowering an organization to protect itself you are on the side of a noble and much needed cause
- Optionally it is nice if you have:
-
- Minimum 2 years of strategic consulting experience, particularly within financial institutions.
- Additional certifications such as Certified ISO 27k Lead Auditor, CISSP, or PMP.
- Working knowledge with maturity models and frameworks (e.g. CMMI), cloud security best practices, project management (PMI), and Agile methodologies (e.g Kanban).
- Familiarity with Gibraltar Financial Services Commission regulations, General Data Protection Regulation (GDPR), and configuration management programs best practices.
What You Will Do
- Enhance and maintain the Information Security Compliance Program.
- Conduct regular information security and maturity assessments of Bitso’s information security controls, and follow up on treatment plans across the organization.
- Continually validate the organization against the internal information security governance framework to ensure compliance, monitor for non-conformities, and prepare reports and metrics with recommended remediation strategies.
- Collaborate with internal and external security audits, proactive technical assessments, and tracking findings and recommendations for appropriate action will be crucial aspects of your responsibilities.
- Design technical testing protocols.
- Define, implement, and maintain a configuration program of enterprise assets
- Guide the security engineering team, liaise with various departments as necessary, and ensure the quality of information security programs and projects.
Research in Diversity, Equity, and Inclusion suggests that individuals may hesitate to apply for jobs if they do not meet all the listed criteria. At Bitso, we value diversity and your unique strengths could be just what we're looking for. If this role excites you but you don't match every point in the description, we still want to hear from you.
Who We Are
With over 7 million users, Bitso is the leading cryptocurrency platform in Latin America. We are developing the cryptocurrency ecosystem in the region and enabling financial inclusion. We believe crypto is the future of finance, and we’re committed to making it useful by providing equal access to safe and intuitive financial products.
We are here to make a lasting impact on our customer’s lives and we do so by embracing our core values:
- Be Human: we delight our customers through great products, deep care and true empathy. We are humble and we take pride in understanding the views of others to help us see the full picture.
- Drive Change: we're fearless pioneers committed to unlocking the crypto revolution for humanity. We move fast, take risks and work together to drive lasting impact.
- Choose Bold Honesty: we seek the truth, especially when it’s uncomfortable, in our teams, products and business reality because that will uncover where we need to focus.
- Be An Owner: our sense of urgency makes us have a bias towards action, where we prioritize exceptionally and are wise in allocating our time to ensure we always deliver creative and innovative results.
Learn more about our culture and values.
Compensation & Benefits
At Bitso, you are taking the front seat on the edge of crypto innovation, creating the next generation of crypto-powered products.
So for those willing to commit, adapt and pioneer the most important change of the century we offer:
- Me Time program, including unlimited paid time off.
- Remote-first work environment.
- Employee Stock Option program.
- Zero trading fees through our Bitso app.
- Extended Family Leave policy: all birthing parents, non-birthing parents and adopting parents are eligible for a 4-months leave.
- Premium health, dental and life insurances in Mexico, Brazil and Argentina.
- Volunteering days.
- Monthly stipend for gym memberships, relaxation activities, sports equipment, cooking classes, books, entertainment and more.
Want to leave an undoubtedly legacy with us? Fasten your seatbelt and join this spaceship, where you will find exponential growth and the opportunity to thrive!
- These are the applicable requisites, although equivalent competencies in any of the above will also be considered.
- This role is expected to work remotely.
- To see our Privacy Policy please click here.
* Salary range is an estimate based on our InfoSec / Cybersecurity Salary Index 💰
Tags: Agile Audits CISA CISSP Cloud COBIT Compliance Confluence Crypto Finance GDPR Governance ISO 27000 Kanban Monitoring NIST Privacy Risk management SANS
Perks/benefits: Equity Fitness / gym Flex vacation Health care Home office stipend Unlimited paid time off
Explore more InfoSec / Cybersecurity career opportunities
Find even more open roles in Ethical Hacking, Pen Testing, Security Engineering, Threat Research, Vulnerability Management, Cryptography, Digital Forensics and Cyber Security in general - ordered by popularity of job title or skills, toolset and products used - below.
- Open Information Security Specialist jobs
- Open Senior Cyber Security Engineer jobs
- Open Ethical hacker / Pentester H/F jobs
- Open Information Systems Security Officer (ISSO) jobs
- Open Principal Security Engineer jobs
- Open Cyber Security Architect jobs
- Open Manager Pentest H/F jobs
- Open Product Security Engineer jobs
- Open Staff Security Engineer jobs
- Open Cyber Security Specialist jobs
- Open Senior Information Security Analyst jobs
- Open Cybersecurity Analyst jobs
- Open Chief Information Security Officer jobs
- Open Consultant infrastructure sécurité H/F jobs
- Open IT Security Analyst jobs
- Open Consultant SOC / CERT H/F jobs
- Open Cybersecurity Consultant jobs
- Open Senior Information Security Engineer jobs
- Open Security Specialist jobs
- Open Senior Penetration Tester jobs
- Open Senior Security Architect jobs
- Open Cybersecurity Specialist jobs
- Open Security Researcher jobs
- Open IT Security Engineer jobs
- Open Sr. Security Engineer jobs
- Open CISM-related jobs
- Open Windows-related jobs
- Open Network security-related jobs
- Open ISO 27001-related jobs
- Open Pentesting-related jobs
- Open Application security-related jobs
- Open Agile-related jobs
- Open GCP-related jobs
- Open Vulnerability management-related jobs
- Open CISA-related jobs
- Open SaaS-related jobs
- Open Analytics-related jobs
- Open Threat intelligence-related jobs
- Open IAM-related jobs
- Open APIs-related jobs
- Open Security assessment-related jobs
- Open Java-related jobs
- Open Malware-related jobs
- Open Security Clearance-related jobs
- Open DevOps-related jobs
- Open IDS-related jobs
- Open Forensics-related jobs
- Open CEH-related jobs
- Open EDR-related jobs
- Open Kubernetes-related jobs