Working At Bitso
We are a diverse team that takes pride in understanding the perspectives of others. We fully embrace working remotely and we are eager to act, improve and accelerate progress inside and outside of our organization.
To drive revolutionary changes in society and make crypto useful, we delight our customers with world-class products, deep care, and intentional empathy.
Your Purpose
As our Information Security GRC Specialist, you will be an integral part of the Information Security Governance, Risk, and Compliance team. Your role is essential to ensure that company security policies, technical standards, and procedures are implemented, maintained, and continuously improved, while overseeing security risk management and compliance with applicable security standards and regulations. Additionally, you will be responsible for coordinating and supporting external/internal security assessments.
As part of the information security governance, risk, and compliance team, you will:
- Use holistic approaches interconnecting governance, risk, and compliance through project management and the application of industry best practices, standards, and regulations.
- Connect information security with other involved teams.
- Drive alignment of all lines of business with the defined information security culture and governance model.
- Use Agile approaches in your projects.
- Focus on proactivity, quality, and excellence in your results.
- Explore strategies and solutions for effective Governance, Risk, and Compliance (GRC) engineering in the organization.
Beyond our team, you will collaborate closely with:
- Organizational risk, compliance, and regulatory internal and external teams to ensure proper adherence to information security compliance processes.
- Technical groups to assist in implementing technical standards, controls, and configurations aligned with security policies, legal requirements, and audit standards.
Reports To
Information Security Program Manager
Who You Are
- Proven English proficiency. You are comfortable presenting to English-speaking audiences and creating deliverables in that language. You are able to maintain a fluid conversation in English.
- Minimum of 5 years of experience in Information Security GRC roles.
- At least 3 years of experience leading or coordinating internal compliance assessments, internal audits, or acting as a strategic consultant with a focus on maturity assessments.
- At least 3 years of experience working with Mexican regulatory, cybersecurity, and information security requirements applicable to fintech or regulated financial entities.
- You have expert knowledge of information security frameworks and best practices (e.g., ISO/IEC 27000 series, COBIT, NIST SP 800 series, NIST CSF, and CIS).
- You have working knowledge of scripting: you can read and modify simple scripts, understand JSON and YAML configuration files, use command-line tools, and write basic automation tools.
- You have working knowledge of data analysis to extract relevant information from logs and identify trends and patterns, to turn technical data into business insights.
- You have proficiency in IT audit, compliance, and maturity assessments.
- You hold a Certified Information Systems Auditor (CISA) certification or equivalent credentials with a strong focus on IT audit, assurance, or information security governance.
- You hold an AWS Certified Cloud Practitioner certification or have working knowledge of AWS cloud infrastructure.
- You possess a competent understanding of the risk management process, with emphasis on risk treatment, monitoring, and control assessment phases.
- You possess strong communication skills. These are crucial as the role involves coordinating with internal teams, external auditors, and various technical and non-technical groups. Being able to effectively communicate findings, recommendations, and remediation strategies to different levels of stakeholders is key.
- You