As an Information Security Lead, you will be a key player in the planning, design, implementation, operation and maintenance of the organization's Information Security Risk Management program. You will guarantee that it complies with legal and regulatory requirements, and you will implement and promote the adoption of security and risk standards such as ISO, NIST, FAIR, and others.
Responsibilities
- Drive and maintain an information security risk management program around people, processes and technology.
- Develop a Security Risk Management Program with the support of stakeholders and in accordance with applicable laws, regulations and the Corporate Risk framework.
- Develop methods to monitor and measure risk, compliance, and assurance efforts.
- Contribute to the definition and formalization of the risk tolerance levels for the organization.
- Provide input to the Corporate Risk team on security and technical risks, mitigation, operational procedures and other processes.
- Ensure that action plans or remediation plans are in place for vulnerabilities identified during risk assessments, audits, inspections, etc.
- Develop and manage procedures to investigate and audit vendors for compliance with privacy and data security policies and legal requirements.
- Monitor the external threat environment for emerging threats and advise relevant stakeholders on the appropriate courses of action.
- Perform Vendor Risk assessments, including due diligence and third‑party security audits.
- Contribute to the design and implementation of risk and security solutions, processes or policies requiring a general understanding of risk and security practices and procedures.
Qualifications
- 5+ years of experience in a security management role.
- Strong leadership skills and the ability to work effectively with business managers, IT engineering, and IT operations staff.
- Proficiency in information security domains, including policies and standards, risk and control assessments, risk and control governance and metrics, incident management, secure systems development lifecycle, vulnerability management, and data protection.
- Demonstrated technical expertise in development and management of BCMS documentation, including Business Impact Analysis, Business Continuity Incident Management, and Business Continuity planning.
- Demonstrable experience in using data analysis tools and techniques to support the timely and accurate provision of risk and/or resilience information.
- Security certifications including but not limited to CISSP, CISA, ISO Lead Auditor, CRISC or any other technical certification.
- Well organized, able to prioritize workload in line with tight deadlines, highly numerate, with excellent analytical and problem‑solving skills and strong attention to detail.
- Excellent written and verbal communication skills.
- English language proficiency.
Company Overview
Bitso is Latin America’s leading cryptocurrency platform. Our goal is to evolve how we think about and use money. We believe that we should all have the opportunity to use our money whenever we want it, and how we want it, without boundaries or schedules. To achieve this, we provide individuals with fast, cheap, seamless and user‑friendly financial services powered by blockchain technology. Cryptocurrencies do not rely on intermediaries to give them legitimacy or value. Instead, they are valuable because of the peer‑to‑peer technology that powers them. We firmly believe in crypto and the use cases it has. It’s time for the world to upgrade to a fair, open, transparent, and global financial system for all.
#makecryptouseful.
About Bitso
Bitso promotes an environment where people are treated fairly and with respect, free of discrimination, bullying, harassment, violence or threats.
Compensation and Benefits
- Purpose: You’ll be part of something bigger, working towards financial disruption and inclusion across Latin America.
- Culture: You’ll work in a thriving, friendly, and fun environment that promotes open discussions, jokes, learning, video games, and lots of fun.
- People: You’ll work with some of the most driven and intelligent people in the crypto space, engaging with a network of diverse talent from 25+ nationalities bound by our quest to #makecryptouseful.
- Salary: We pay competitively in the countries where we operate.
- Venue: Work from wherever you want, work asynchronously; this role is fully remote to give you maximum freedom.
- Unlimited Paid Time‑Off: You choose your number of days.