Information Security Manager

Cyber Risk and Compliance Technical Manager

Job Summary

The Cyber Risk and Compliance Technical Manager acts as the guardian of the organization's digital assets, ensuring the identification, analysis, and mitigation of cybersecurity risks. This professional supervises and conducts audits on security controls, develops technical documentation, and ensures internal practices align with applicable standards and regulations, fostering a culture of security and compliance across all levels of the company.

Responsibilities

Risk Management:

• Lead the identification, measurement, evaluation, and management of cybersecurity risks.
• Implement methodologies and continuous processes for risk monitoring and mitigation.
• Keep the risk map updated and respond to any identified deviations.

Control Audits:

• Plan and execute internal and external audits on security controls.
• Assess the effectiveness of protection mechanisms and recommend corrective actions when necessary.
• Ensure corrective actions are implemented and tracked by stakeholders.

Documentation Preparation:

• Assist in the development and maintenance of information security policies, procedures, and guidelines.
• Produce technical reports that highlight compliance levels and any vulnerabilities identified.

Regulatory Compliance:

• Ensure activities and processes are aligned with applicable regulations and standards (e.g., GDPR, ISO 27001, NIST, NIS2).
• Stay updated on legislative and market changes that impact cybersecurity.

Stakeholder Interaction:

• Collaborate with internal and external parties (auditors, consultants, and regulatory bodies) to ensure continuous improvement of controls and compliance processes.
• Promote training and awareness campaigns on security and compliance policies.

Skills

Technical and Analytical:

• Strong competency in analyzing and managing cybersecurity risks.
• In-depth knowledge of security frameworks and standards such as ISO 27001, NIST, COBIT, among others.

Audit and Control:

• Proven experience in auditing systems and internal controls, with skills in identifying gaps and proposing corrective actions.

Documentation and Communication:

• Ability to create clear and precise technical documentation.
• Ability to communicate complex concepts in an accessible way to diverse audiences, including technical and executive teams.

Management and Leadership:

• Proactive profile with the ability to lead interdisciplinary initiatives.
• Ability to work under pressure and manage multiple projects simultaneously.

Personal Development and Adaptability:

• Willingness to stay updated on trends and threats in cybersecurity.
• Ability to adapt to regulatory and technological changes.

Education and Additional Requirements

Academic Background:

• Degree in Computer Science, Systems Engineering, Information Technology, or related areas.
• Postgraduate studies or specializations in Information Security are considered a differentiator.

Certifications:

Recognized certifications in the field, such as CISSP, CISM, CRISC, ISO 27001 Lead Implementer/Auditor, among others, are desirable.

Professional Experience:

• Proven experience in managing cyber risk, auditing controls, and regulatory compliance.
• Experience in dynamic and complex environments, preferably in medium to large organizations, is desirable.

Specific Knowledge:

• Familiarity with risk and compliance management tools and systems.
• Practical knowledge of interpreting and applying international standards and regulations.

Languages and Tools:

• Proficiency in technical English for reading and analyzing specialized documentation.
• Experience with software and platforms for risk management, auditing, and compliance.