Senior Information Security Analyst

Description

Job Summary: The Senior Information Security Analyst will be responsible for ensuring the implementation of security policies, assessing risks, and leading responses to critical incidents within a dynamic environment. Key Highlights: 1. Proven experience in information security 2. Experience operating in dynamic and transformative environments 3. Effective communication skills with stakeholders Description: If you have: * Proven experience in information security * Effective communication skills with internal stakeholders, IT leadership, and business units * Ability to operate in dynamic and transformative environments * Completed undergraduate degree in Information Systems, Computer Science, Software Engineering, or related fields It will be a plus if you have: * Postgraduate studies, specialization, or certification in IT governance, information security, or risk management * Experience, training, or certification in security solutions (PAM, SOC/SIEM, Firewalls, EDR/XDR, vulnerability management, anti-malware, etc.) * Experience working in blue/red team security operations, CEH (Certified Ethical Hacker), OSCP (Offensive Security Certified Professional), or equivalent certifications * Information security certifications (ISO 27001, CISM, NIST, or equivalents) * Training or certifications in auditing and compliance (SOx, ISAE 3402, SSAE 18, or equivalents) * Intermediate Spanish (ability to read, write, and communicate in Spanish when required) As a Senior Information Security Analyst, you will be responsible for: * Ensuring the implementation of security policies, standards, and frameworks, aligning with regulations, industry best practices, and corporate policies; * Conducting security risk assessments, developing mitigation plans, and monitoring their execution; * Contributing to the development and execution of critical incident response plans, coordinating containment actions and communications; * Participating in disaster recovery and business continuity events, supporting audits, regulatory bodies, and enabling effective communication with business units; * Evaluating, approving, and recommending information security technologies; * Performing and supervising vulnerability testing, including penetration tests, social engineering, and controlled exploitation of vulnerabilities; * Monitoring critical security alerts from the SOC, investigating incidents, and proposing remediation action plans; * Specifying and implementing security policies, password policies, and authentication standards for systems and servers; * Maintaining an up-to-date asset inventory and ensuring application of patches and hardening practices; * Monitoring privileged access using PAM tools and best practices; * Conducting cybersecurity awareness campaigns and phishing simulations to foster a cyber-security culture. 25121802025587344