Senior Information Security Analyst

Description

Job Summary: The Senior Information Security Analyst will be responsible for ensuring security, mitigating risks, responding to incidents, and promoting a cybersecurity culture. Key Highlights: 1. Proven experience in information security 2. Experience operating in dynamic and transformative environments 3. Postgraduate degree or certification in IT governance/security/risk management Description: If you have: * Proven experience in information security * Effective communication skills with internal stakeholders, IT leadership, and business units * Ability to operate in dynamic and transformative environments * Completed undergraduate degree in Information Systems, Computer Science, Software Engineering, or related fields It would be a plus if you have: * Postgraduate degree, specialization, or certification in IT governance, information security, or risk management * Experience, training, or certification in security solutions (PAM, SOC/SIEM, Firewalls, EDR/XDR, vulnerability management, anti-malware, etc.) * Experience working in blue/red team security operations, CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or equivalent certifications * Information security certification (ISO 27001, CISM, NIST, or equivalents) * Training or certification in auditing and compliance (SOx, ISAE 3402, SSAE 18, or equivalents) * Intermediate Spanish (ability to read, write, and communicate in Spanish when required) As a Senior Information Security Analyst, you will be responsible for: * Ensuring implementation of security policies, standards, and frameworks, aligning with regulations, industry best practices, and corporate policies; * Conducting security risk assessments, developing mitigation plans, and monitoring their execution; * Contributing to the development and execution of critical incident response plans, coordinating containment actions and communications; * Participating in disaster recovery and business continuity events, supporting audits, regulatory bodies, and enabling effective business communication; * Evaluating, approving, and recommending information security technologies; * Performing and supervising vulnerability testing, including penetration tests, social engineering, and controlled exploitation of vulnerabilities; * Monitoring critical security alerts from the SOC, investigating incidents, and proposing remediation action plans; * Specifying and implementing security policies, password policies, and authentication standards for systems and servers; * Maintaining an up-to-date asset inventory and ensuring application of patches and hardening practices; * Monitoring privileged access using PAM tools and best practices; * Conducting cybersecurity awareness campaigns and phishing simulations to promote a cybersecurity culture. 25121802025587344