Talent.com
Director Ciso (Chief Information Security Officer)...

Director Ciso (Chief Information Security Officer)...

Banco Finandina S.A. BicBogotá, Bogotá, Distrito Capital, CO
Hace 21 horas
Descripción del trabajo

Information Security Officer

  • Cloud security en AWS, Azure y GCP.

Main responsibilities :

  • Perform Risk assessments on : new projects, assets or Tools
  • Manage Risk Register on compliance exemptions and risk acceptance (including expiry and renewal)
  • Collaborate with the Security MSPs and the rest of security officers from other regions to deal with global emerging threats.

    • Compliance Management

    Support GRC global officer on specific tasks related but not limited to :

  • Evidence collection and recording (MCS & Audits)
  • Audit support
  • Development and management of control processes
  • Post Audit action tracking

    • Change and project support

  • Provide Security Reviews & Approvals on SNOW changes
  • Security representation in zone CAB / E-CAB when required
  • Security reviews of new demands and project charters
  • Support / drive Security initiatives (Global or Regional)

    • Protect : Security Operations

  • Collaborate providing knowledge on managing, supporting and monitoring regular security relevant processes like : Patch Management, Backup & Restore, DR & BCP, Malware
  • Follow up Globally Patch management process trying to improve the following areas :
  • Consolidation of asset scope sources (CMDB, manual lists, …)
  • Provide visibility to teams of the vulnerabilities detected
  • Homogenization of patching processes for all the zones
  • Ensuring completeness of vulnerability detection and patching activities
  • Detection of area for improvement
  • Lead the Security operations related to the Network, this includes the following components : Firewall main configuration, IDS / IPS rules configuration, WAF default configuration and baseline, Proxy configuration and IoC lifecycle

    • Detect : Security Operations

  • Lead / Drive globally the vulnerability management process
  • Coordinate Threat Hunting operations provided by a third party :
  • Providing necessary access to the external consultants
  • Provide access to the internal resources needed (hardware, software and contacts)
  • Coordination and deployment management of the needed agents
  • Register the necessary findings and ensure they are followed up and properly closed.

    • Respond : Security Operations

  • Work on Security Incident & Problem management
  • Provide P1 / Major Security Incident support
  • Be involved on Forensic activities

    • Profile Required

    Education / qualifications normally required

  • Graduate degree in Business or Management; Bachelor's degree in Computer Science, Engineering, or a related discipline with an IT focus.
  • Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset.

    • Specific work experience

  • Experience in IT Security and other operational / compliance IT roles
  • Broad technical security knowledge of IT services, technology and IT solutions.
  • Specific expertise in one or more of the following would be a plus :
  • Cloud Security → CCSP / GCSA
  • Industrial Technology (OT) Security → CDSE / GICSP / ISP / ISOC
  • Extensive experience in delivering IT security projects, assessments and audits
  • Practical experience of risk management
  • Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)
  • Strong knowledge of regulatory requirements and security policies and standards
  • Broad knowledge of IT services, Technologies and IT solutions
  • Work experience in a related industry setting (cement, aggregate, ready-mix)
  • Strong decision making skills and ability to challenge decisions of others
  • Good negotiation skills with vendors, contractors and other suppliers

    • Technical / functional skills

  • Ability to develop and implement IT policies and governance
  • Ability to run information security audits and test cyber resilience
  • Profound knowledge of Information Security and Compliance standards (e.g. ISO 27001 / 2, GDPR, NIST, HIPAA, etc)
  • Strong knowledge and understanding of networking & infrastructure security, both on premise and in cloud (IaaS)
  • Experience with Cyber Security incidents and response
  • Ability to review technical architecture documentation for demand / project / change proposals to identify security related risks or compliance concerns.
  • Ability to conduct deep technical research into issues and products.
  • Profound project management skills
  • Ability to deal with difficult situations, unclear priorities and blocking stakeholders
  • Ability to communicate openly and effectively with many diverse constituencies and stakeholders
  • Ability to work decisively under heavy workload considering the criticality, urgency and extended work hours required to ensure the availability of the service in accordance to service level commitments
  • Ability to manage multi-cultural and geographically diverse teams
  • High willingness to drive transformation and service improvement
  • Strong customer / end-user / client service orientation
  • Highly self-motivated and directed
  • Keen attention to detail
  • Capability for problem solving, decision making, sound judgment, assertiveness

    • Leadership and managerial abilities

  • Strong relationship building and interpersonal skills
  • Ability to lead and inspire teams across companies and cultural barriers
  • Ability to champion new initiatives and technologies – "Change Leader"

    • Information Security Consultant

    We are seeking a delivery-focused Information Security Consultant with strong technical expertise in endpoint and network protection to join a global technology organization. This hands-on role will be responsible for continuously improving the design and performance of IT security tools, endpoint protection, log collection, and related monitoring systems across enterprise environments.

    Key Responsibilities

  • Manage and enhance existing endpoint protection and log collection solutions in line with internal security policies.
  • Develop, maintain, and troubleshoot enterprise-level security tools.
  • Deploy and manage policies and software configurations across global systems.
  • Provide technical support for high-priority incidents and lead root cause analysis.
  • Drive continuous improvement and participate in rebuild initiatives for existing security components.
  • Collaborate with infrastructure, operations, and project teams to ensure optimal performance and compliance.

    • Key Focus Areas

  • Incident Response and performance troubleshooting

    • Qualifications

  • Experience in Information Security, Infrastructure, or IT Operations.
  • Solid hands-on experience with endpoint protection tools from a Product Owner or Administrator perspective.
  • Experience with SIEM, SOAR, Sentinel, Skyler, or CRIBL.
  • Strong technical understanding of enterprise infrastructure.
  • Experience in global or enterprise environments preferred.
  • Bachelor's degree in computer science, Information Systems, or related field (or equivalent experience).
  • Strong analytical and problem-solving skills.
  • Excellent communication with technical and leadership teams.
  • Detail-oriented and proactive.
  • System thinker with the ability to see interconnections within complex environments.
  • Self-motivated, able to work under minimal supervision.

    • Location

  • Hybrid or on-site – Bogota

    • #J-18808-Ljbffr

    Crear una alerta de empleo para esta búsqueda

    Security Officer • Bogotá, Bogotá, Distrito Capital, CO