**Location: Monterrey or Matamoros, Mexico**

**Applications from persons not living in Mexico will NOT be accepted.**

Information Security Risk Assessors report continuously on the state of risk, providing visibility and helping business leaders and risk managers understand where risk resides and where improvements must be made to protect the business. Such reporting includes adherence to regulations and industry guidelines, as well as corporate risk acceptance. The cybersecurity risk assessor focuses on third-party risk, as well as risks within internal and business-controlled areas of security, technology, and business processes. Information Security Risk Assessors partner with audit, compliance, and legal as needed.

**Essential Job Duties**

- Serve on a distributed risk team responsible for reviewing and documenting where security and technology controls are adequate, as well as areas requiring improvement and where risk is too high.
- Recommend risk reduction steps to be implemented and maintained through policies, procedures, frameworks, and technical controls.
- Work closely with risk management and security leadership, teammates, and stakeholders to evaluate and recommend models aligning with organizational risk posture.
- Identify strengths and weaknesses in the program as they relate to privacy, security, business resiliency, and compliance frameworks.
- Document, formulate, and enforce security improvements that balance risk with business operations and do not diminish efficiencies or innovation.
- Attend change and project management meetings to understand and proactively strengthen controls to avoid unnecessary risk across lines of business.
- Support company risk posture through development of controls and processes used in test, quality assurance, and production environments from conception to completion.
- Analyze workflows, design documents, and procedures to identify gaps in risk posture and risk acceptability based on controls.
- Create and present risk posture discovery and recommendation reports to leadership.
- Review technical reports from vulnerability and penetration testing assessments, and results from tabletop exercises.
- Monitor plans of action and milestones for risk remediation requirements from internal and external security assessments, vulnerability reports, audit findings, and security gaps.
- Remain educated on regulatory requirements, internal policies, and industry best practices.
- Liaise with technical and business teams on business continuity and disaster recovery requirements.
- Provide strong oversight of third parties, vendors, and business partners to safeguard against undue risk presented by external entities.
- Frequently interact with business units to understand their plans, risk posture and tolerance, and how to support their vision and business obligations with security and risk in mind.
- Openly support the organization, the management team, and executive leadership team, even during times of adversity