Campus Pride Jobs

Job Information

Liberty Latin America Information Security GRC Analyst in Panama

What’s the role

The Information Security GRC Analyst will support cybersecurity compliance and risk program initiatives. Reporting to the Senior Manager of Information Security GRC, this person will work closely with IT, Information Security, and key business stakeholders to support critical risk management processes and company certifications.

We are looking for an energetic, self-motivated individual to join our growing GRC Team. You will play a pivotal role in ensuring our company adheres to key regulatory and industry compliance requirements. You will help enhance our information security posture and compliance framework. This position involves leading teams that support audit activities and working closely with different stakeholders to maintain and improve our compliance and security standards.

What you’ll do

  • Deliver and/or lead technology and security audits across LLA markets, participating in all stages of the audit: planning, execution, reporting and follow-up. It is important to be able to deliver projects on time and within budget.

  • Fully understand and communicate the impact of audit findings, including root cause analysis. As technology and security can be complex, being able to communicate complex technical issues and ideas in simple terms is highly valued.

  • Make value-added recommendations to the business to improve controls, processes, and overall governance.

  • Engage with stakeholders to obtain a comprehensive understanding of the business under review and the implications for audit.

  • Drive GRC tool adoption and support tool management.

  • Build trust and credibility with technology stakeholders throughout the audit process.

  • Maintain audit documentation in accordance with LLA audit methodology.

  • Implement security controls, a risk assessment framework, and a program that align with all relevant laws and regulatory requirements, ensuring documented and sustainable compliance that aligns with LLA objectives.

  • Evaluate risks and develop security standards, procedures, and controls to manage risks. Improve LLA security positioning through process improvement, policy, automation, and the continuous evolution of capabilities.

  • Update security controls and provide support to all stakeholders on security controls covering internal assessments, regulations, protecting Personally Identifying Information (PII) data, and Payment Card Industry Data Security Standards (PCI DSS) as applicable.

  • Assist other staff in the management and oversight of security program functions.

  • Remain current on best practices and technological advancements and act as the organization’s resource for security assessment and regulatory compliance.

  • Maintain knowledge of applicable rules, regulations, policies, laws, and guidelines that may impact any LLA locations.

  • Additionally, the successful candidate will have good experience conducting technical control assessments of information security controls and processes within data center and cloud environments.

Required Education / Qualifications

  • Bachelor’s or graduate degree in cybersecurity, information systems, or a related field.

  • Equivalent Education and/or Experience - May have an equivalent combination of education and/or experience in lieu of specific education and/or experience as stated above.

  • Industry related certifications: Certified Information Systems Auditor (CISA), Certified Information Security Manager (CISM) or Certified Information Systems Security Professional (CISSP), ISO 27001 Lead Auditor certification.

Required Experience:

  • 5 years’ experience in a cybersecurity, audit, risk, compliance, or GRC role required.

  • Working knowledge of common security and privacy frameworks and regulations (e.g. ISO, NIST, CIS, SOC 2, HIPAA, CCPA, PCI DSS, COBIT, and ITIL).

  • Experience performing or supporting audits for ISO 27001 (Information Security), ISO 22301 (Business Continuity), ISO 9001 (Quality Management Systems), PCI DSS (Payment Card Security Standard), SOC 1, SOC 2, and SOC 3.

  • Knowledge of security controls and their implementation, including technical and administrative controls.

  • Knowledge and experience in supporting a security compliance program and leading remediation efforts for relevant domestic and internationally accepted security standards and best practices such as PCI DSS, ISO 27001, HIPAA/HITECH, GDPR, NIST, OWASP, SSAE-18 SOC1, SOC2 TSC, and SOX ICFR/ITGC.

  • Practical & technical understanding of: Local area networks, Microsoft Active Directory / GPO, Data Loss Prevention, Encryption Technologies, Vulnerability Management, Intrusion Detection Systems, Intrusion Prevention Systems, Linux Operating Systems, Windows Operating Systems, Communication Protocols, Multi-factor authentication, Cloud Access Security Broker, Endpoint Detection and Response Technologies, Security Information and Event Management Tools, system, application, SDLC, cybersecurity, and cloud security controls.

  • Actively pursuing or holding one or more industry-recognized security certifications such as CISA, CISM, CISSP, PCI-ISA, ISO 27001 Lead Auditor, PCIP, GSEC, CEH, or AWS Certified Security

  • Strong ability to analyze processes that store, transmit, and/or process data and measure such processes against industry best practices, regulatory requirements, and business requirements to ensure adequate protection of the confidentiality, integrity, and availability of such data.

  • Strong capability to transform broad direction into tangible action plans.

  • Capable of presenting information to diverse audiences in an engaging, succinct, and effective manner.

  • Strong ability to support the legitimacy of review findings and associated recommendations with rational, defensible arguments that correlate to regulatory or business requirements, and best practices of information security.

Skills & Abilities:

  • Fluency in English and Spanish.

  • Strong written, verbal, presentation, and interpersonal skills.

  • Possess strong report development and presentation abilities with standard office software suites.

  • Excellent written and verbal communication skills.

  • Self-motivated, able to operate and lead autonomously.

  • Ability to coach and motivate process and control owners.

  • Highly organized and able to independently manage to deadlines.

  • Able to assess organizational internal control failures, build a remediation plan and manage through to delivery.

  • Able to manage stakeholders located in multiple countries with or without direct line management responsibility.

  • Strong ability to create and maintain process adherence.

  • Effectively gathers information.

  • Focus on quality and timely delivery.

  • Solid business planning experience, demonstrating a track record of success as a business leader.

  • Able to collaborate with various departments to achieve mutual success.

  • Demonstrate strong influencing and persuading skills, encouraging colleagues and teams to change established processes and achieve defined improvements and best practice.

  • Must be able to listen and communicate effectively with executive level staff and leadership teams.

  • Ability to work collaboratively with cross-functional teams, including IT, legal, and business units, to ensure compliance and risk mitigation.
