




Job Summary: Lead the strategy and implementation of information security within a SaaS company, ensuring data protection and regulatory compliance.

Key Highlights:
1. Lead security maturity in a financial SaaS company.
2. Full responsibility for technical, operational, and regulatory security.
3. Ensure compliance with ISO 27001 and ISO 42001.

**How to Apply:**
**Via the link below; applications through any other channel will not be accepted.**
**https://wkf.ms/3W7So1X**

Xira.ai is a SaaS company serving clients in the financial sector, implying high security, confidentiality, and compliance requirements. The organization has a robust technological foundation but is currently strengthening its security controls, governance, and operations. The candidate will be responsible for **leading this security maturity initiative**.

1\. Job Objective:

Lead the strategy, implementation, and operation of information security at Xira.ai, ensuring:
● Effective protection of sensitive data managed by the platform
● Compliance with ISO 27001 and ISO 42001 standards
● Mitigation of critical risks in the short term
● Implementation of sustainable organizational-level controls

The role carries direct responsibility for **end-to-end security management**, including technical, operational, regulatory, and customer-facing aspects.

2\. Key Responsibilities:

**Governance and Compliance**
● Define, implement, and maintain the information security framework
● Ensure compliance with:
  ○ ISO 27001
  ○ ISO 42001
● Lead internal and external audits
● Serve as the primary security contact for customers and vendors

**Implementation of Security Controls**
● Design and implement controls for:
  ○ Protection of sensitive data
  ○ Access control
  ○ Reduction of information exposure
● Ensure enforcement of the principle of least privilege
● Oversee proper segregation of environments

**Data Protection**
● Define strategies for:
  ○ Anonymization
  ○ Data masking
  ○ Control of information export
● Ensure sensitive data is accessible only under controlled conditions

**Monitoring, Logging, and Detection**
● Define and implement a comprehensive traceability strategy
● Oversee integration of events into monitoring systems
● Design mechanisms for detecting anomalous behavior

**Incident Management**
● Design and implement the incident response plan
● Coordinate security incident handling
● Define operational playbooks

**Endpoint and Operational Security**
● Define endpoint hardening standards
● Ensure policy compliance across devices
● Establish enhanced controls for areas with access to sensitive data

**Security in Tools and Information Flows**
● Ensure information exchange channels meet security standards
● Eliminate or mitigate use of uncontrolled channels for sensitive data

**AI Security (ISO 42001\)**
● Define guidelines for secure AI usage
● Ensure control over data used in automated processes

**Culture and Training**
● Foster a security-conscious culture across the organization
● Train teams on handling sensitive information

\_\_\_\_\_\_\_\_\_\_\_\_

This role is pivotal to Xira.ai’s evolution. We seek a candidate who:
● Prioritizes risk appropriately
● Executes swiftly
● Possesses business acumen
● Can represent the company before customers and auditors

Work Schedule: **Full-Time**
Work Mode: **Hybrid, with 2–3 days per week onsite at the office.**
Salary: **MXN 25,000 / MONTH**

For more information about the company and other career opportunities, visit our website at https://xira.ai/

Employment Type: Full-time
Salary: MXN 25,000.00 per month
Work Location: Hybrid remote in 05348, Santa Fe Cuajimalpa, CDMX


