**Location: Monterrey or Matamoros, Mexico.** **Applications from persons not living in Mexico will NOT be accepted.**
**Position Summary**
**Essential Job Duties**
- Serve on a distributed compliance team responsible for reviewing and documenting where security and technology controls are adequate or need improvement. Work closely with compliance and security leadership, teammates, and stakeholders to evaluate and recommend models aligning with organizational goals.
- Document, formulate, and enforce security improvements that balance compliance with business operations and do not diminish efficiencies or innovation. Frequently interact with business units to understand their plans, risk posture and tolerance, and how to support their vision and business obligations with security and compliance in mind.
- Provide technical guidance and oversight to compliance activities and initiatives.
- Create and improve compliance roadmaps or strategies.
- Identify strengths and weaknesses in the program as they relate to privacy, security, business resiliency, and compliance frameworks.
- Validate adherence to internal policies, standards, frameworks, and regulations.
- Perform compliance reviews.
- Recommend, implement, and maintain policies, procedures, and controls supporting compliance.
- Create and maintain accreditation documentation such as System Security Plans (SSP), Plans of Action and Milestones (POAM), etc.
- Evaluate and manage compliance waivers.
- Influence compliance roadmaps and strategies.
- Create compliance reports and maturity metrics.
- Attend change and project management meetings to understand and proactively strengthen controls to avoid compliance lapses across lines of business.
- Research and educate the team on new regulatory compliance requirements and framework revisions.
- Openly support the organization, the management team, and the executive leadership team, even during times of adversity.
**Skills and Experience**
- Preferably 3-5+ years of experience in security systems administration, with 2+ years of risk management experience.
- Ideally familiar with one or more regulatory requirements and laws such as, but not limited to, SOX, HIPAA, GDPR, and GLBA. Additionally, experience in one or more of ISO 17799, ITIL, and NIST.
- Track record of taking pride in work, seeking to excel, and being curious and flexible.
- Strong written and oral communication skills across varying levels of the organization.
- Understanding of service design, delivery concepts and control frameworks.
- Organized, with the ability to prioritize and complete tasks within defined SLAs.
- Excellent judgment and ability to make quick decisions when working with complex situations.
- High degree of integrity, trustworthiness, and confidence; represents the company and its management team with the highest level of professionalism.
**Education Requirements**
- Bachelor's degree or equivalent industry experience in information assurance, computer science, engineering, or related field.
**Certification Requirements**
- CRISC, CISSP, CISA, CGEIT, GCCC, GSEC, GISP, or other relevant certifications are preferred but not required.