Cybersecurity Manager

Cybersecurity Manager II leads the organization's comprehensive security operations, driving strategic initiatives across incident response, offensive security, and cloud protection domains. This role safeguards digital assets, maintains operational resilience, and defends against evolving cyber threats. It requires technical expertise, strategic vision, and leadership to build a mature security program that protects against sophisticated adversaries and aligns with privacy strategies and regulatory requirements, especially in high-compliance environments such as the financial sector and SPEI infrastructure. As a senior leader, this individual shapes the security culture, mentors technical teams, and serves as a trusted advisor to executive leadership on cybersecurity risk and strategy.

• Bachelor's degree in Computer Science, Information Security, or related field; Master’s preferred
• Deep expertise in incident response, penetration testing, vulnerability management, and IAM
• Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001, MITRE ATT&CK)
• Proficiency in scripting languages (e.g., Python, PowerShell) for security automation
• Knowledge of AI and machine learning applications in cybersecurity
• Extensive knowledge of AWS services and security best practices
• Excellent communication, analytical, and problem-solving skills
• Experience presenting to and advising executive leadership
• Desired Certifications like CISSP, CCSP, AWS, GCIH, GPEN, GNFA, OSCP, OSCE are a plus
• Strong understanding of data privacy laws and regulatory frameworks, particularly GDPR and LFPDPPP
• Broad understanding of security governance, compliance, and regulatory standards in the financial sector
• Familiarity with information security, data protection, and legal or compliance best practices
• Understanding of design principles and user experience as they relate to secure systems
• General awareness of SOX compliance (a plus)
• Privacy certifications (e.g., CIPP, CIPM) are an advantage
• Excellent written and verbal communication in English
• Strong skills in critical thinking, organization, and negotiation
• Empathy and a customer-focused mindset
• Familiaridad con la seguridad de la información, la protección de datos y las mejores prácticas legales o de cumplimiento normativo
• Comprensión de los principios de diseño y la experiencia del usuario en relación con los sistemas seguros
• Conocimiento general del cumplimiento de la ley SOX (se valorará)
• Se valorarán las certificaciones de privacidad (p. ej., CIPP, CIPM)
• Excelente comunicación escrita y oral en inglés
• Sólidas habilidades de pensamiento crítico, organización y negociación
• Empatía y mentalidad orientada al cliente
• 10+ years of experience in cybersecurity areas, with at least 5 years in a leadership role
• Experience with CI/CD security practices and tools
• Experience with cloud security tools and practices
• Bachelor's degree in Engineering, Accounting, Economics, Actuarial Science, Finance, or a related field; Master’s degree highly desirable
• Minimum of 2 years of hands-on experience working with data privacy programs and legal compliance, particularly for data controllers
• Demonstrated experience in regulatory compliance and internal controls within the financial services sector
• Proven track record in managing roles and access to critical information systems
• Experience working with multidisciplinary teams to implement data protection strategies
• Previous responsibility for third-party vendor security and privacy assessments
• Practical involvement in developing, implementing, and enforcing cybersecurity policies
• Experience managing infrastructure and logical security controls related to SPEI operations is highly desirable

• Incident Response and Automation
• Develop, implement, and maintain the organization's incident response plan
• Lead a team of incident responders to quickly and effectively address security incidents
• Conduct post-incident reviews and implement lessons learned
• Liaise with legal, PR, and executive teams during major security events
• Design and implement automation strategies to streamline incident response processes
• Develop and maintain scripts for automated threat detection, analysis, and remediation
• Integrate AI and machine learning technologies into incident response workflows for enhanced threat detection and decision support
• Oversee the development and maintenance of a centralized incident response platform
• Continuously evaluate and implement new technologies to improve incident response capabilities
• Red Team Operations, DevSecOps, and Vulnerability Management
• Oversee the planning and execution of red team exercises to test organizational defenses
• Analyze red team findings and develop strategic recommendations for security improvements
• Collaborate with the blue team to enhance detection and response capabilities
• Develop and maintain a comprehensive vulnerability management program
• Implement and oversee vulnerability scanning, prioritization, and remediation processes
• Integrate security testing into CI/CD pipelines to ensure secure software development
• Collaborate with development teams to implement security best practices in the CI/CD process
• Conduct regular security assessments of CI/CD workflows and tools
• Identity and Access Management (IAM)
• Develop and maintain IAM policies, procedures, and best practices
• Oversee the implementation and management of IAM solutions
• Ensure compliance with relevant security standards and regulations
• Regularly review and optimize access controls across the organization
• Cloud Security
• Oversee security operations in cloud environments, particularly AWS
• Implement and maintain security best practices for AWS services
• Ensure proper configuration and monitoring of AWS security services (e.g., AWS IAM, GuardDuty, Security Hub)
• Conduct security assessments of AWS deployments and recommend improvements
• General Management
• Lead and mentor a team of cybersecurity professionals
• Develop and manage department budgets
• Report to executive leadership on security metrics, initiatives, and risk posture
• Stay current with emerging threats, technologies, and industry best practices
• Design and refine end-to-end cybersecurity and privacy programs aligned with the organization’s business objectives and risk tolerance
• Lead the identification, assessment, and mitigation of cybersecurity and privacy risks in collaboration with technical teams and stakeholders
• Develop, enforce, and maintain security and privacy policies and procedures that adhere to industry standards and regulatory requirements
• Monitor evolving data protection regulations (e.g., LFPDPPP) and guide the organization in achieving and maintaining compliance to mitigate legal risks
• Implement awareness and training programs to cultivate a strong cybersecurity and privacy culture across the organization
• Assess and manage the security and privacy posture of third-party vendors handling sensitive data
• Design and implement cybersecurity strategies and policies specific to SPEI environments, ensuring alignment with applicable regulatory requirements
• Oversee and enforce information security policies and procedures for the IT infrastructure supporting SPEI operations
• Implement and maintain logical security controls related to SPEI operations
• Administer and support the technological infrastructure used for SPEI interactions