
7 days ago

Audit and Compliance Specialist / ISO 27001 / SOC2

$25,000 - $28,000 Monthly

Confidential company in


About the job

Minimum education required: University degree

Details

Hiring: Permanent
Workplace: On-site

Description

Summary

• Monitor and ensure proper compliance at all times with the Global Essentials Compliance and Security Policies within operations and support areas. Provide support as a security consultant to all operations and support areas on Information Security best practices at the local sites. Support other TP NSR sites by traveling and performing internal audits or any continuous improvement needed. Attend site meetings to ensure the correct execution of the security controls implemented throughout the internal processes.


Key Responsibilities

  • Ensure all employees receive the Security Awareness program.
  • Follow up on and execute activities related to ISO 27001/PCI/SOC2/HITRUST/ISO 27701/GECSP.
  • Act as the point of contact (POC) with operations for information security.
  • Ensure full compliance with the security contractual requirements of current local clients within the assigned sites.
  • Execute internal audits at least on a quarterly basis (or for any business reason), ensuring compliance with and adherence to the internal policies and standards.
  • Collect, review and upload the necessary documentation/evidence into the corporate portal TP Policy according to the control frequency for security and data privacy controls.
  • Review within the Service Desk all local requests that require authorization from Information Security in order to ensure security compliance.
  • Provide support on incident response related tasks.
  • Execute the security risk assessment for each line of business.
  • Follow up on and report security compliance metrics to managers and above.
  • Provide support as a security consultant to all operations and support areas on Information Security best practices at the local sites.
  • Ensure that the security culture is implemented and continuously improved within the designated sites.
  • Properly follow up on all policy compliance incidents.
  • Propose possible solutions to mitigate risky security behaviors.
  • Execute internal audits at least on a quarterly basis (or for any business reason), ensuring compliance with and adherence to the internal GECSP policies.
  • Provide support for internal and external audits at least once a year or for any business reason, ensuring compliance with and adherence to international security standards, frameworks and best practices such as PCI DSS, ISO IEC 27001:2013, SOC2 Type 1&2, HIPAA/HITRUST, ISO 27701 and others.
  • Provide support for client security audits.
  • Maintain all risk documents and review them with the OSM.
  • Implement security controls to mitigate all risks detected in the SRA.
  • Follow up on and document all activities related to corrective actions (fraud investigations, external/internal and client audits, security frameworks such as PCI DSS, ISO IEC 27001:2013, SOC2 Type 1&2, HIPAA/HITRUST, ISO 27701 and others).
  • Attend site meetings to ensure the correct execution of the security controls implemented throughout the internal processes.
  • Actively attend the weekly meetings with the different department leads and managers at each assigned site.
  • Execute the signing process for all security policies at all levels of the site(s) or subsidiary and report the status on a weekly basis to managers, directors, and C-levels.
  • Execute the Monthly Security Communication Acknowledgement process and report the status on a weekly basis to managers.
  • Monitor and resolve daily operational requirements effectively in accordance with GECSP policies, TISPS Standards and Privacy Controls, best practices, and international security standards.
  • Report any possible security fraud incidents to the Hotline.
  • Give local support for any security training.
  • Support other TP NSR sites by traveling and performing internal audits or any continuous improvement needed.
  • Be part of the Incident Management Team of the Business Continuity Plan (BCP) for the assigned sites.
  • Document and follow up on the Business Continuity Plan implementation, test exercises and action plans.
  • Information Security Management System document control.
  • Risk analysis for software implementation.


Education and Specific Training:

  • Bachelor's degree in Industrial Engineering or Criminology


Work Experience:

  • 1 year of experience in the role or similar positions.
  • Knowledge of Continuous Improvement (Six Sigma, Lean, etc.).
  • Knowledge of any Management System such as ISO standards or PCI.
  • Knowledge of Information Technology / Information Security related fields.
  • Experience in writing Standard Operating Procedures (SOPs), policies, standards or related documentation.
  • Previous experience in security auditing is a plus.


Technical Skills:

  • ISO 27001 and PCI knowledge
  • Advanced English
  • Intermediate knowledge of the Microsoft Office suite (Word, Excel, PowerPoint, Office 365 tools, etc.). Advanced knowledge is a plus.


Special Certifications:

  • Internal auditor
  • Certified Information Systems Auditor (CISA) preferred.


Soft Skills:


  • Adaptability
  • Customer orientation
  • Teamwork
  • Communication
  • Initiative
  • Leadership
  • Strategic thinking
  • Team development
  • Results-oriented
  • Change Management
  • Empowerment

ID: 18509396