.Cyber Risk and Compliance Technical ManagerJob SummaryThe Cyber Risk and Compliance Technical Manager acts as the guardian of the organization's digital assets, ensuring the identification, analysis, and mitigation of cybersecurity risks.
This professional supervises and conducts audits on security controls, develops technical documentation, and ensures internal practices align with applicable standards and regulations, fostering a culture of security and compliance across all levels of the company.ResponsibilitiesRisk Management:Lead the identification, measurement, evaluation, and management of cybersecurity risks.Implement methodologies and continuous processes for risk monitoring and mitigation.Keep the risk map updated and respond to any identified deviations.Control Audits:Plan and execute internal and external audits on security controls.Assess the effectiveness of protection mechanisms and recommend corrective actions when necessary.Ensure corrective actions are implemented and tracked by stakeholders.Documentation Preparation:- Assist in the development and maintenance of information security policies, procedures, and guidelines.- Produce technical reports that highlight compliance levels and any vulnerabilities identified.Regulatory Compliance:- Ensure activities and processes are aligned with applicable regulations and standards (e.G., GDPR, ISO 27001, NIST, NIS2).- Stay updated on legislative and market changes that impact cybersecurity.Stakeholder Interaction:- Collaborate with internal and external parties (auditors, consultants, and regulatory bodies) to ensure continuous improvement of controls and compliance processes.- Promote training and awareness campaigns on security and compliance policies.SkillsTechnical and Analytical:- Strong competency in analyzing and managing cybersecurity risks.- In-depth knowledge of security frameworks and standards such as ISO 27001, NIST, COBIT, among others.Audit and Control:- Proven experience in auditing systems and internal controls, with skills in identifying gaps and proposing corrective actions.Documentation and Communication:- Ability to create clear and precise technical documentation.- Ability to communicate complex concepts in an accessible way to diverse audiences, including technical and executive teams.Management and Leadership:- Proactive profile with the ability to lead interdisciplinary initiatives.- Ability to work under pressure and manage multiple projects simultaneously.Personal Development and Adaptability:- Willingness to stay updated on trends and threats in cybersecurity.- Ability to adapt to regulatory and technological changes.Education and Additional RequirementsAcademic Background:- Degree in Computer Science, Systems Engineering, Information Technology, or related areas.- Postgraduate studies or specializations in Information Security are considered a differentiator