102 Ofertas de G4s en Colombia

Information Security Officer

Main responsibilities:

Risk Management:

- Perform Risk assessments on : new projects, assets or Tools

- Manage Risk Register on compliance exemptions and risk acceptance (including expiry and renewal)

- Collaborate with the Security MSPs and the rest of security officers from other regions to deal with global emerging threats.

Compliance Management:

Support GRC global officer on specific tasks related but not limited to:

- Evidence collection and recording (MCS & Audits)

- Audit support

- Development and management of control processes

- Post Audit action tracking

Change and project support:

- Provide Security Reviews & Approvals on SNOW changes

- Security representation in zone CAB/E-CAB when required

- Security reviews of new demands and project charters

- Support/drive Security initiatives (Global or Regional)

Protect:

Security Operations

- Collaborate providing knowledge on managing, supporting and monitoring regular security relevant processes like: Patch Management, Backup & Restore, DR & BCP, Malware

- Follow up Globally Patch management process trying to improve the following areas:

Consolidation of asset scope sources (CMDB, manual lists, …)

Provide visibility to teams of the vulnerabilities detected

Homogenization of patching processes for all the zones

Ensuring completeness of vulnerability detection and patching activities

Detection of area for improvement

- Lead the Security operations related to the Network, this includes the following components: Firewall main configuration, IDS/IPS rules configuration, WAF default configuration and baseline, Proxy configuration and IoC lifecycle

Detect:

Security Operations

- Lead/Drive globally the vulnerability management process

- Coordinate Threat Hunting operations provided by a third party :

Providing necessary access to the external consultants

Provide access to the internal resources needed (hardware, software and contacts)

Coordination and deployment management of the needed agents

Register the necessary findings and ensure they are followed up and properly closed.

Respond:

Security Operations

- Work on Security Incident & Problem management

- Provide P1/Major Security Incident support

- Be involved on Forensic activities

Profile Required:

Education/qualifications normally required:

- Graduate degree in Business or Management; Bachelor's degree in Computer Science, Engineering, or a related discipline with an IT focus.

- Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset.

Specific work experience:

- Experience in IT Security and other operational/compliance IT roles

- Broad technical security knowledge of IT services, technology and IT solutions.

- Specific expertise in one or more of the following would be a plus:

Cloud Security → CCSP / GCSA

Network Security → CND / CCNP / CCNA Security / CEH

System/Infrastructure Security → CISSP / CISM / CISA

Industrial Technology (OT) Security → CDSE / GICSP / ISP / ISOC

- Extensive experience in delivering IT security projects, assessments and audits

- Practical experience of risk management

- Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)

- Strong knowledge of regulatory requirements and security policies and standards

- Broad knowledge of IT services, Technologies and IT solutions

- Work experience in a related industry setting (cement, aggregate, ready-mix)

- Strong decision making skills and ability to challenge decisions of others

- Good negotiation skills with vendors, contractors and other suppliers

Technical / functional skills:

- Ability to develop and implement IT policies and governance

- Ability to run information security audits and test cyber resilience

- Profound knowledge of Information Security and Compliance standards (e.g. ISO 27001/2, GDPR, NIST, HIPAA, etc)

- Strong knowledge and understanding of networking & infrastructure security, both on premise and in cloud (IaaS)

- Experience with Cyber Security incidents and response

- Ability to review technical architecture documentation for demand/ project/ change proposals to identify security related risks or compliance concerns.

- Ability to conduct deep technical research into issues and products.

- Profound project management skills

- Strong Risk Management skills

Behavioral competencies:

- Ability to deal with difficult situations, unclear priorities and blocking stakeholders

- Ability to communicate openly and effectively with many diverse constituencies and stakeholders

- Ability to work decisively under heavy workload considering the criticality, urgency and extended work hours required to ensure the availability of the service in accordance to service level commitments

- Ability to manage multi-cultural and geographically diverse teams

- High willingness to drive transformation and service improvement

- Strong customer / end-user / client service orientation

- Highly self-motivated and directed

- Keen attention to detail

- Capability for problem solving, decision making, sound judgment, assertiveness

Leadership and managerial abilities:

- Strong relationship building and interpersonal skills

- Ability to lead and inspire teams across companies and cultural barriers

- Ability to champion new initiatives and technologies – "Change Leader"

Direct message the job poster from TECEZE

Hi,

Job Title: Information Security Officer

• Perform Risk assessments on: new projects, assets or Tools
• Manage Risk Register on compliance exemptions and risk acceptance (including expiry and renewal)
• Collaborate with the Security MSPs and the rest of security officers from other regions to deal with global emerging threats

• Support GRC global officer on specific tasks related but not limited to:
• Evidence collection and recording (MCS & Audits)
• Audit support
• Development and management of control processes
• Post Audit action tracking

• Provide Security Reviews & Approvals on SNOW changes
• Security representation in zone CAB/E-CAB when required
• Security reviews of new demands and project charters
• Support/drive Security initiatives (Global or Regional)

• Collaborate providing knowledge on managing, supporting and monitoring regular security relevant processes like: Patch Management, Backup & Restore, DR & BCP, Malware
• Follow up Globally Patch management process trying to improve the following areas:
  • Consolidation of asset scope sources (CMDB, manual lists, …)
  • Provide visibility to teams of the vulnerabilities detected
  • Homogenization of patching processes for all the zones
  • Ensuring completeness of vulnerability detection and patching activities
  • Detection of area for improvement
• Lead the Security operations related to the Network, including: Firewall main configuration, IDS/IPS rules configuration, WAF baseline configuration, Proxy configuration and IoC lifecycle

• Security Operations – Lead/Drive globally the vulnerability management process
• Coordinate Threat Hunting operations provided by a third party
• Provide necessary access to external consultants and internal resources
• Coordinate and deploy needed agents
• Register findings and ensure follow-up and closure

• Security Operations – Work on Security Incident & Problem management
• Provide P1/Major Security Incident support
• Be involved in Forensic activities

• Education/qualifications normally required:
• Graduate degree in Business or Management; Bachelor’s degree in Computer Science, Engineering, or a related discipline with an IT focus
• Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset
• Specific work experience:
• Experience in IT Security and other operational/compliance IT roles
• Broad technical security knowledge of IT services, technology and IT solutions
• Specific expertise in one or more of the following would be a plus: Cloud Security → CCSP / GCSA; Industrial Technology (OT) Security → CDSE / GICSP / ISP / ISOC
• Extensive experience in delivering IT security projects, assessments and audits
• Practical experience of risk management
• Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)
• Strong knowledge of regulatory requirements and security policies and standards
• Broad knowledge of IT services, Technologies and IT solutions
• Work experience in a related industry setting (cement, aggregate, ready-mix)
• Strong decision making skills and ability to challenge decisions of others
• Good negotiation skills with vendors, contractors and other suppliers

• Ability to develop and implement IT policies and governance
• Ability to run information security audits and test cyber resilience
• Profound knowledge of Information Security and Compliance standards (e.g. ISO 27001/2, GDPR, NIST, HIPAA, etc)
• Strong knowledge and understanding of networking & infrastructure security, both on premise and in cloud (IaaS)
• Experience with Cyber Security incidents and response
• Ability to review technical architecture documentation for demand/ project/ change proposals to identify security related risks or compliance concerns
• Ability to conduct deep technical research into issues and products
• Profound project management skills
• Ability to deal with difficult situations, unclear priorities and blocking stakeholders
• Ability to communicate openly and effectively with many diverse constituencies and stakeholders
• Ability to work decisively under heavy workload considering the criticality, urgency and extended work hours required to ensure the availability of the service in accordance to service level commitments
• Ability to manage multi-cultural and geographically diverse teams
• High willingness to drive transformation and service improvement
• Strong customer / end-user / client service orientation
• Highly self-motivated and directed
• Keen attention to detail
• Capability for problem solving, decision making, sound judgment, assertiveness

• Strong relationship building and interpersonal skills
• Ability to lead and inspire teams across companies and cultural barriers
• Ability to champion new initiatives and technologies – “Change Leader”

• Excellent English (written & spoken) - other languages are a plus

• Mid-Senior level

• Full-time

• Administrative

• Computer and Network Security

Referrals increase your chances of interviewing at TECEZE by 2x

Get notified about new Information Security Officer jobs in Medellín, Antioquia, Colombia.

Responsibilities

• Perform Risk assessments on: new projects, assets or tools
• Manage Risk Register on compliance exemptions and risk acceptance (including expiry and renewal)
• Collaborate with the Security MSPs and the rest of security officers from other regions to deal with global emerging threats
• Compliance Management: Support GRC global officer on specific tasks related but not limited to: Evidence collection and recording (MCS & Audits); Audit support; Development and management of control processes; Post Audit action tracking
• Change and project support: Provide Security Reviews & Approvals on SNOW changes; Security representation in zone CAB/E-CAB when required; Security reviews of new demands and project charters; Support/drive Security initiatives (Global or Regional)
• Protect: Security Operations
• Collaborate providing knowledge on managing, supporting and monitoring regular security relevant processes like: Patch Management, Backup & Restore, DR & BCP, Malware
• Follow up Globally Patch management process trying to improve: Consolidation of asset scope sources (CMDB, manual lists, …); Provide visibility to teams of the vulnerabilities detected; Homogenization of patching processes for all the zones; Ensuring completeness of vulnerability detection and patching activities; Detection of area for improvement
• Lead the Security operations related to the Network, including: Firewall main configuration, IDS/IPS rules configuration, WAF default configuration and baseline, Proxy configuration and IoC lifecycle
• Detect: Security Operations
• Lead/Drive globally the vulnerability management process
• Coordinate Threat Hunting operations provided by a third party: Providing necessary access to the external consultants; Provide access to the internal resources needed (hardware, software and contacts); Coordination and deployment management of the needed agents; Register the necessary findings and ensure they are followed up and properly closed
• Respond: Security Operations
• Work on Security Incident & Problem management; Provide P1/Major Security Incident support; Be involved in forensic activities

Education/qualifications normally required:

• Graduate degree in Business or Management; Bachelor’s degree in Computer Science, Engineering, or a related discipline with an IT focus
• Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset

Specific work experience:

• Experience in IT Security and other operational/compliance IT roles
• Broad technical security knowledge of IT services, technology and IT solutions
• Specific expertise in one or more of the following would be a plus: Cloud Security → CCSP / GCSA; Industrial Technology (OT) Security → CDSE / GICSP / ISP / ISOC
• Extensive experience in delivering IT security projects, assessments and audits
• Practical experience of risk management
• Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)
• Strong knowledge of regulatory requirements and security policies and standards
• Broad knowledge of IT services, Technologies and IT solutions
• Work experience in a related industry setting (cement, aggregate, ready-mix)
• Strong decision making skills and ability to challenge decisions of others
• Good negotiation skills with vendors, contractors and other suppliers

Technical / functional skills:

• Ability to develop and implement IT policies and governance
• Ability to run information security audits and test cyber resilience
• Profound knowledge of Information Security and Compliance standards (e.g. ISO 27001/2, GDPR, NIST, HIPAA, etc)
• Strong knowledge and understanding of networking & infrastructure security, both on premise and in cloud (IaaS)
• Experience with Cyber Security incidents and response
• Ability to review technical architecture documentation for demand/ project/ change proposals to identify security related risks or compliance concerns
• Ability to conduct deep technical research into issues and products
• Profound project management skills
• Ability to deal with difficult situations, unclear priorities and blocking stakeholders
• Ability to communicate openly and effectively with many diverse constituencies and stakeholders
• Ability to work decisively under heavy workload considering the criticality, urgency and extended work hours required to ensure the availability of the service in accordance to service level commitments
• Ability to manage multi-cultural and geographically diverse teams
• High willingness to drive transformation and service improvement
• Strong customer / end-user / client service orientation
• Highly self-motivated and directed
• Keen attention to detail
• Capability for problem solving, decision making, sound judgment, assertiveness

Leadership and managerial abilities:

• Strong relationship building and interpersonal skills
• Ability to lead and inspire teams across companies and cultural barriers
• Ability to champion new initiatives and technologies – “Change Leader”

• Associate

• Full-time

• Engineering and Information Technology

• Computer and Network Security

Overview

HCLTech Bogota, D.C., Capital District, Colombia

Direct message the job poster from HCLTech

Note: This description has been refined to use proper HTML structure while preserving the original content intent.

• Perform Risk assessments on new projects, assets or tools
• Manage Risk Register on compliance exemptions and risk acceptance (including expiry and renewal)
• Collaborate with Security MSPs and the security officers from other regions to address global emerging threats
• Compliance Management: support GRC global officer on tasks such as evidence collection and recording (MCS & Audits), audit support, development and management of control processes, post-audit action tracking
• Change and project support: provide security reviews & approvals on SNOW changes, serve as security representative in zone CAB/E-CAB when required, perform security reviews of new demands and project charters, support/drive security initiatives (global or regional)
• Protect: Security Operations – collaborate on managing and monitoring regular security processes (patch management, backup & restore, DR & BCP, malware); follow up globally on patch management to improve asset source consolidation, provide visibility of vulnerabilities, homogenize patching processes across zones, ensure completeness of vulnerability detection and patching activities, and identify areas for improvement
• Lead security operations related to the network (firewall config, IDS/IPS rules, WAF baseline/configuration, proxy configuration and IoC lifecycle)
• Detect: Security Operations – lead/drive globally the vulnerability management process; coordinate threat-hunting operations provided by a third party; provide access to external consultants and internal resources as needed; manage deployment of required agents; register findings and ensure follow-up and closure
• Respond: Security Operations – work on security incident & problem management; provide P1/major security incident support; be involved in forensic activities

• Education/qualifications normally required: Graduate degree in Business or Management;Bachelor’s degree in Computer Science, Engineering, or a related discipline with an IT focus
• Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset
• Specific work experience: Experience in IT Security and other operational/compliance IT roles; broad technical security knowledge of IT services, technology and IT solutions; experience in one or more of the following is a plus: Cloud Security (CCSP / GCSA), Industrial Technology Security (CDSE / GICSP / ISP / ISOC); extensive experience in delivering IT security projects, assessments and audits; practical experience of risk management; experience implementing policies and procedures in ISO 27000 series; strong knowledge of regulatory requirements and security policies/standards; broad knowledge of IT services, technologies and solutions; work experience in cement/aggregate/ready-mix industries; strong decision making and negotiation skills
• Technical / functional skills: Develop and implement IT policies and governance; run information security audits and test cyber resilience; knowledge of standards (ISO 27001/2, GDPR, NIST, HIPAA, etc); strong networking & infrastructure security knowledge (on-premise and cloud IaaS); experience with cyber security incidents and response; ability to review architecture docs for security risks; ability to conduct deep technical research; project management skills; ability to manage priorities and stakeholders; strong communication across diverse groups; ability to work under heavy workload; experience managing multi-cultural and geographically diverse teams; willingness to drive transformation and service improvement; customer-oriented mindset; self-motivated; attention to detail; problem solving and judgment
• Leadership and managerial abilities: Strong relationship-building, leadership across organizations and cultures, ability to champion new initiatives and technologies

• Associate

• Full-time

• Engineering and Information Technology
• Industries: Computer and Network Security

We’re removing boilerplate content and keeping the focus on responsibilities and qualifications for the role.

Vincúlate como Chief Information Security Officer

Requisitos

• Profesional en ingeniería de sistemas, telecomunicaciones o afines.
• Posgrado en Seguridad Informática, Seguridad de la Información,Administración De Riesgos Informáticos, Ciberseguridad Organizacional, Ciberseguridad o afines
• Certificación en temas de seguridad:

• CRISC (Certified in Risk and Information Systems Control)

• CISSP (Certified Information Systems Security Professional)

• CISM (Certified Information Security Manager)

• Experiencia de mínimo 3 años como Oficial de Seguridad de la Información o cargos similares.
• Vinculación servicios profesionales.

¿Te apasiona conectar los objetivos del negocio con una gestión sólida de la ciberseguridad?

Como nuestro próximo Business Information Security Officer (BISO), tendrás un rol clave asegurando que las operaciones de negocio sean seguras, resilientes y alineadas con la estrategia global de ciberseguridad. Serás el aliado estratégico para la línea de negocio, liderando iniciativas que fortalezcan la gestión de riesgos, garanticen el cumplimiento normativo y promuevan una cultura de seguridad proactiva en toda la organización.

Si tienes un inglés fluido, cuentas con 5 o más años de experiencia en ciberseguridad y eres de los que disfruta relacionándose con equipos multiculturales, postúlate y sé parte de nuestro equipo

• Actuar como punto único de contacto de ciberseguridad dentro de la línea de negocio.
• Implementar y supervisar políticas, estándares y marcos globales de seguridad (ISO 27001, SOC 2, GDPR, entre otros) en el contexto de la línea de negocio.
• Apoyar las evaluaciones de riesgos y mantener un registro actualizado de riesgos de la línea de negocio.
• Coordinar la respuesta a incidentes de seguridad que impacten la línea de negocio, escalando al equipo global SOC/IR cuando sea necesario.
• Asegurar la aplicación de los procesos de gestión de riesgos de terceros (TPRM) a proveedores y socios relevantes de la unidad.
• Brindar insumos para auditorías, certificaciones y cuestionarios de clientes específicos de la línea de negocio.
• Impartir programas de concientización y capacitación adaptados a los empleados de la línea de negocio.
• Colaborar con el líder del equipo en la ejecución de otras funciones y responsabilidades necesarias para el éxito y la evolución del área.

• Profesional graduado de Ingeniería de sistemas, telecomunicaciones, ciencias de la computación o seguridad de la información y/o áreas a fines.
• Inglés C1.
• Experiencia laboral demostrable de 5 o más años en ciberseguridad, gestión de riesgos y/o cumplimiento normativo.
• Experiencia en la definición, implementación y cumplimiento de políticas y estándares de seguridad.
• Conocimiento de marcos de referencia para respuesta a incidentes y de mejores prácticas de la industria y marcos y estándares de seguridad de la información (ISO 27001, NIST CSF, GDPR)
• Deseables:
• Especialización y/o maestría en cyberseguridad, seguridad de la información y/o áreas a fines.

• Contrato a término indefinido.
• Vacaciones por demanda.
• El trabajo es en modelo hibrido.
• Auxilio de conectividad.
• Beneficios extralegales.

Our commitment to building and maintaining a diverse workforce

Anthesis has clients across all industry sectors and supports some of the world's largest multinationals such as Reckitt, Cisco, Tesco, The North Face, and Target. The company brings together 1,400+ experts operating across 22 countries and 44 office locations with offices in Australia, Belgium, Brazil, Canada, China, Colombia, Finland, France, Germany, Hong Kong, Ireland, Italy, the Middle East, Netherlands, the Philippines, Singapore, South Africa, Spain, Sweden, Switzerland, the UK, and the US.

We encourage all employees to contribute their ideas, perspectives, and experiences to help us create an inclusive and equitable workplace. By embracing diversity and providing equal opportunities, we believe we can drive innovation, foster creativity, and achieve our shared goals. So, if you're ready to be a part of something truly extraordinary, then we want you Qualified applicants will receive consideration for employment without regard to race, colour, religion, sex, sexual orientation, gender perception or identity, national origin, age, pregnancy, marital status, protected veteran status, or disability status.

Together, we can continue to build a diverse and inclusive workforce where everyone has an equal opportunity to succeed and thrive.

If you require any reasonable adjustments to be made to your application process, or need this job advert in a different format, just let us know and we'll be happy to help.

Main responsibilities:

• Perform Risk assessments on : new projects, assets or Tools
• Manage Risk Register on compliance exemptions and risk acceptance (including expiry and renewal)
• Collaborate with the Security MSPs and the rest of security officers from other regions to deal with global emerging threats.

Support GRC global officer on specific tasks related but not limited to:

• Evidence collection and recording (MCS & Audits)
• Audit support
• Development and management of control processes

• Post Audit action tracking

• Provide Security Reviews & Approvals on SNOW changes

• Security representation in zone CAB/E-CAB when required
• Security reviews of new demands and project charters
• Support/drive Security initiatives (Global or Regional)

Security Operations

• Collaborate providing knowledge on managing, supporting and monitoring regular security relevant processes like: Patch Management, Backup & Restore, DR & BCP, Malware
• Follow up Globally Patch management process trying to improve the following areas:

Consolidation of asset scope sources (CMDB, manual lists, …)

Provide visibility to teams of the vulnerabilities detected

Homogenization of patching processes for all the zones

Ensuring completeness of vulnerability detection and patching activities

Detection of area for improvement

• Lead the Security operations related to the Network, this includes the following components: Firewall main configuration, IDS/IPS rules configuration, WAF default configuration and baseline, Proxy configuration and IoC lifecycle

Detect:

Security Operations

• Lead/Drive globally the vulnerability management process
• Coordinate Threat Hunting operations provided by a third party :

Providing necessary access to the external consultants

Provide access to the internal resources needed (hardware, software and contacts)

Coordination and deployment management of the needed agents

Register the necessary findings and ensure they are followed up and properly closed.

Respond:

Security Operations

• Work on Security Incident & Problem management
• Provide P1/Major Security Incident support
• Be involved on Forensic activities

Profile Required:

Education/qualifications normally required:

• Graduate degree in Business or Management; Bachelor's degree in Computer Science, Engineering, or a related discipline with an IT focus.
• Security certifications (CISM, CISA, ISO 27001, CISSP, CRISC, ITIL, CMMI, CompTIA Security+, NCSF, CHFI) would be an asset.

Specific work experience:

• Experience in IT Security and other operational/compliance IT roles
• Broad technical security knowledge of IT services, technology and IT solutions.
• Specific expertise in one or more of the following would be a plus:

Cloud Security CCSP / GCSA

Network Security CND / CCNP / CCNA Security / CEH

System/Infrastructure Security CISSP / CISM / CISA

Industrial Technology (OT) Security CDSE / GICSP / ISP / ISOC

• Extensive experience in delivering IT security projects, assessments and audits
• Practical experience of risk management
• Experience in implementing Policies and Procedures in compliance with Information Security Management System Standards (ISO 27000 series)
• Strong knowledge of regulatory requirements and security policies and standards
• Broad knowledge of IT services, Technologies and IT solutions
• Work experience in a related industry setting (cement, aggregate, ready-mix)
• Strong decision making skills and ability to challenge decisions of others
• Good negotiation skills with vendors, contractors and other suppliers

Technical / functional skills:

• Ability to develop and implement IT policies and governance
• Ability to run information security audits and test cyber resilience
• Profound knowledge of Information Security and Compliance standards (e.g. ISO 27001/2, GDPR, NIST, HIPAA, etc)
• Strong knowledge and understanding of networking & infrastructure security, both on premise and in cloud (IaaS)
• Experience with Cyber Security incidents and response
• Ability to review technical architecture documentation for demand/ project/ change proposals to identify security related risks or compliance concerns.
• Ability to conduct deep technical research into issues and products.
• Profound project management skills
• Strong Risk Management skills

Behavioral competencies:

• Ability to deal with difficult situations, unclear priorities and blocking stakeholders
• Ability to communicate openly and effectively with many diverse constituencies and stakeholders
• Ability to work decisively under heavy workload considering the criticality, urgency and extended work hours required to ensure the availability of the service in accordance to service level commitments
• Ability to manage multi-cultural and geographically diverse teams
• High willingness to drive transformation and service improvement
• Strong customer / end-user / client service orientation
• Highly self-motivated and directed
• Keen attention to detail
• Capability for problem solving, decision making, sound judgment, assertiveness

For L2:

Leadership and managerial abilities:

• Strong relationship building and interpersonal skills
• Ability to lead and inspire teams across companies and cultural barriers
• Ability to champion new initiatives and technologies – "Change Leader"

Linguistic skills:

Excellent English (written & spoken) - other languages are a plus

Vacante:
Business Information Security Officer (BISO)
–
Bogotá (100% presencial)

En Stefanini buscamos un(a) BISO para liderar la seguridad de la información desde el negocio y asegurar que los proyectos de transformación digital, nube y e-commerce cumplan estándares, marcos normativos y controles corporativos que protejan la confidencialidad, integridad, disponibilidad y el cumplimiento legal de la información.

Responsabilidades

• Ser el enlace estratégico entre negocio, tecnología y seguridad, impulsando cultura y gobierno de seguridad.
• Asegurar cumplimiento y adopción de marcos/estándares: ISO 27001, NIST CSF, COBIT, SOC 2, PCI DSS, GDPR/LPDP.
• Acompañar nuevos proyectos garantizando gobierno de seguridad, definición de controles y trazabilidad.
• Evaluar riesgos de seguridad en software, nube y e-commerce; proponer planes de tratamiento.
• Coordinar pruebas de seguridad: pentest, ethical hacking y revisiones de código seguro.
• Impulsar e implementar controles de IAM, DLP, Cloud Security y DevSecOps; articular con SIEM y monitoreo.
• Apoyar auditorías y due diligence de proveedores.
• Traducir riesgos técnicos a lenguaje de negocio para la toma de decisiones.

Formación

• Profesional en Ingeniería de Sistemas, Informática, Telecomunicaciones o afines.
• Especialización o certificación en Seguridad de la Información, Ciberseguridad o Gestión de Riesgos.

Experiencia

• 5 a 8 años en seguridad de la información, con al menos 3 años participando en proyectos de transformación digital, retail, banca o similares.
• Participación comprobada en:
• Implementación de marcos: ISO 27001, NIST CSF, SOC 2, PCI DSS.
• Evaluación de riesgos en proyectos on-prem y cloud.
• Coordinación de pentest/ethical hacking y revisión de código seguro.
• Implementación de controles IAM, DLP, Cloud Security, DevSecOps.

Conocimientos técnicos

• Gestión de riesgos de TI y seguridad.
• Normatividad y estándares internacionales: ISO 27001, NIST, COBIT, GDPR/LPDP.
• Seguridad en la nube: énfasis en AWS y Azure (GCP deseable).
• Metodologías de gestión de cambios y gobierno de proyectos.
• Arquitecturas seguras: Zero Trust, DevSecOps, CI/CD.
• Herramientas de monitoreo, SIEM y cumplimiento.
• Experiencia en auditorías y due diligence de proveedores.

Competencias y actitud

• Pensamiento crítico y estratégico; orientación a resultados.
• Comunicación clara y asertiva (traduce riesgos técnicos al negocio).
• Liderazgo colaborativo con áreas de negocio, desarrollo y TI.
• Ética y confiabilidad; manejo responsable de información sensible.
• Resiliencia y manejo de presión; aprendizaje continuo.
• Vocación de servicio, escucha activa y empatía.

Condiciones

• Modalidad: 100% presencial.
• Ubicación: Bogotá, Colombia.

Vincúlate como Chief Information Security Officer

Requisitos

• Profesional en ingeniería de sistemas, telecomunicaciones o afines.
• Posgrado en Seguridad Informática, Seguridad de la Información,Administración De Riesgos Informáticos, Ciberseguridad Organizacional, Ciberseguridad o afines
• Certificación en temas de seguridad:

• CRISC (Certified in Risk and Information Systems Control)

• CISSP (Certified Information Systems Security Professional)

• CISM (Certified Information Security Manager)

• Experiencia de mínimo 3 años como Oficial de Seguridad de la Información o cargos similares.
• Vinculación servicios profesionales.