At Aplazo, our mission is to empower financial access, opportunity and freedom, by connecting people and businesses in Latin America, through fair, simple, and transparent financial solutions.

We're currently seeking an Information Security Administrator to help propel us toward this goal.

As an InfoSec Administrator on our team, you'll play a critical role in creating, operating, supporting, and maintaining our Information Security policies and processes. You will make sure that our infrastructure complies with cybersecurity and information security standards. This role demands a proactive thinker that can help with implementing solutions from the ground up. Expertise with implementing PCI-DSS Level 1 compliance and ISO-27001 standards is a must.

Success in this role requires a blend of leadership, teamwork, attention to detail, and a commitment to quality. You should be self-motivated, proactive, excel at communication, empathetic and driven to achieve. You also need to exude strong teamwork and collaboration skills, including the ability to mentor and be mentored. You will be working alongside a team with deep roots in product, technology, and culture focused companies (Uber, Google, Rappi, Stitch Fix).

Key responsibilities

• Develop and Enforce Security Policies: Create, review, and enforce comprehensive security policies, standards, and procedures to safeguard organizational data and systems.
• Risk Management and Incident Response: Conduct risk assessments, manage identified vulnerabilities, and lead coordinated responses to security breaches and incidents.
• User Access and Data Protection: Administer user access controls and implement robust data protection strategies, including encryption and backup solutions.
• Security Training and Awareness: Develop and deliver security training programs to educate employees on security best practices and the importance of data protection.
• Compliance and Audit Support: Ensure compliance with relevant laws, regulations, and industry standards, and prepare for security audits, providing necessary documentation and remediation.
• Security Policy and Process Improvement: Continuously improve security policies and procedures based on evolving threats and organizational needs, ensuring alignment with business objectives.develop security training programs for employees.
• Continuous Improvement and Vendor Management: Stay updated on security trends, improve security practices, and manage vendor relationships to ensure compliance with security policies.

Requirements

Must have

• Experience: At least 5+ years in relevant fields with demonstrated experience in Information Security, Compliance, Policy Development, User Access Management, and Training/Awareness Programs.
• Technical skills:
  • Strong Knowledge of Security Policies and Standards: Proficiency in developing, implementing, and enforcing security policies, standards, and procedures (PCI-DSS and ISO-27001)
  • Risk Assessment and Incident Management: Expertise in conducting risk assessments, identifying vulnerabilities, and managing incident response processes that relate to information security.
  • Access Control and Data Protection: Advanced skills in administering user access controls and implementing data protection measures such as encryption and backup.
  • Regulatory Compliance: In-depth understanding of relevant laws, regulations, and industry standards to ensure organizational compliance and readiness for security audits.
• Soft skills:
  • Effective Communication and Training: Ability to communicate (written and in-person) complex security concepts clearly and develop training programs to raise security awareness among employees (in Spanish, with ability to also communicate with vendors or teammates in English as necessary)
  • Project Management Skills: Ability to manage security projects, including planning, execution, and monitoring, ensuring that security initiatives are completed on time and within budget.
  • You are good at managing the ambiguity of a rapidly-growing company: adjusting to changing priorities, making conscious tradeoffs when guidance is limited and information is incomplete, and instituting best practices from scratch when needed.

Must have:

• Experience in Fintech and startup companies.
• Experience with BCP (Business Continuity Planning) and DRP (Disaster Recovery Planning)

Nice to have

• Certifications: Possession of industry-recognized certifications such as CISSP (Certified Information Systems Security Professional), CISM (Certified Information Security Manager), or CompTIA Security+.
• Experience with Security Technologies: Familiarity with a wide range of security tools and technologies, such as SIEM (Security Information and Event Management) systems, intrusion detection/prevention systems, and endpoint protection solutions.
• Soft Skills: Strong analytical, problem-solving, and interpersonal skills, with the ability to work collaboratively with various teams and effectively communicate security-related concepts to non-technical stakeholders.