




Job Summary: Lead the strategy, implementation, and operation of the organization’s comprehensive cybersecurity program, protecting data while aligning security practices with business objectives and regulatory requirements.

Key Highlights:

1. Design and implement a comprehensive Information Security program.
2. Lead incident response and postmortem analysis.
3. Ensure compliance with regulations such as GDPR, HIPAA, and ISO 27001.

**JOB OBJECTIVE**

Lead the organization’s cybersecurity program strategy, implementation, and operations; protect the confidentiality, integrity, and availability of data, platforms, infrastructure, and critical processes, aligning security practices with business objectives and applicable regulations.

**RESPONSIBILITIES**

**Strategy and Governance**

* Design, implement, and oversee the comprehensive Information Security program.
* Establish security policies, standards, guidelines, and best practices.
* Manage the security framework based on standards such as ISO 27001, NIST, CIS, or similar.
* Conduct periodic risk assessments and define mitigation plans.

**Operational Cybersecurity**

* Oversee protection of networks, applications, cloud infrastructure, and endpoints.
* Manage security tools including SIEM, EDR, IAM, CASB, WAF, among others.
* Lead incident response, digital forensics, and postmortem analysis.
* Coordinate penetration testing, vulnerability assessments, and audits.
* Ensure compliance with Identity and Access Management (IAM) processes.

**Regulatory Compliance and Privacy**

* Ensure compliance with regulations such as GDPR, HIPAA, ISO 27001, Mexican Federal Law on Protection of Personal Data, or other applicable regulations in the healthcare sector.
* Collaborate with legal, regulatory, and compliance teams to align policies and controls.
* Manage third-party and vendor security assessments.

**Management and Coordination**

* Lead and develop the cybersecurity and infrastructure team.
* Work closely with IT, development, product, and data teams.
* Manage budgets, procurement, and the security tools roadmap.
* Train the organization on security culture and best practices.

**Requirements**

* Bachelor’s degree in Computer Engineering, Information Technology, Cybersecurity, or related fields.
* 3 years of experience in cybersecurity roles, including 2 years in leadership positions.
* Solid knowledge of networking, cloud security (preferably GCP), web applications, infrastructure, and secure architecture.
* Experience with SIEM, IDS/IPS, firewalls, encryption, IAM, vulnerability management, and monitoring tools.
* Demonstrable experience in incident management and business continuity.
* Knowledge of security regulations and standards (ISO 27001, NIST, CIS, OWASP).
* Desired certifications: CISSP, CISM, CEH, ISO 27001 Lead Implementer/Auditor, Security+.
* Skills to manage teams and communicate technical topics to non-technical audiences.

**Skills and Competencies**

* Leadership and strategic decision-making.
* Strong analytical ability and risk management focus.
* Effective communication and strategic business vision.
* Critical thinking and resolution of complex problems.
* Professional ethics, confidentiality, and accountability.

Employment Type: Full-time, Indefinite-term

Salary: $67,000.00 - $80,000.00 per month

Benefits:

* Salary increases
* Option for indefinite-term contract

Experience:

* Information Security: 3 years (Mandatory)

License/Certification:

* ISO 27001 Lead Implementer and/or Auditor (Desirable)

Work Location: On-site employment


