What is Cobre and what do we do?

Cobre is Latin America’s leading instant b2b payments platform. We solve the region’s most complex money movement challenges by building advanced financial infrastructure that enables companies to move money faster, safer, and more efficiently. We enable instant business payments—local or international, direct or via API—all from a single platform. Built for fintechs, PSPs, banks, and finance teams that demand speed, control, and efficiency. From real-time payments to automated treasury, we turn complex financial processes into simple experiences.

Cobre is the first platform in Colombia to enable companies to pay both banked and unbanked beneficiaries within the same payment cycle and through a single interface. We are building the enterprise payments infrastructure of Latin America!

What we are looking for:

Ensure the comprehensive and effective management of the identity and access lifecycle across all applications, internal systems, and financial portals used by Cobre, with the objective of safeguarding that each user—whether employee, contractor, or third-party partner—has access strictly limited to the privileges necessary for their role. This access governance must be consistently aligned with core security principles such as least privilege, segregation of duties (SoD), and full compliance with applicable regulatory requirements, including but not limited to the guidelines issued by the Superintendencia Financiera de Colombia (SFC), Sarlaft, ISO/IEC 27001, and other relevant international frameworks.

The role is responsible for ensuring the traceability, consistency, and timeliness of all provisioning, modification, and revocation activities throughout the user access lifecycle, across both on-premise and cloud environments. It plays a vital role in minimizing operational and cybersecurity risks by preventing unauthorized or excessive access,ensuring adequate controls for sensitive and transactional environments, and maintaining the integrity and confidentiality of critical business information. Moreover, this position directly supports the organization’s broader objectives related to information security, regulatory compliance, and operational resilience.

What would you be doing:

• Administer and monitor the user access lifecycle (provisioning, modification, revocation) across internal and external platforms and applications.
• Perform periodic access review controls in coordination with application owners and business units, ensuring alignment with organizational policies.
• Ensure proper segregation of duties (SoD) in sensitive roles (e.g., Treasury, Accounting, Technology, etc.).
• Manage access requests through designated tools, ensuring traceability and response
• times in accordance with defined SLAs.
• Coordinate with Technology and Security teams to implement automation for access
• control processes.
• Participate in internal and external audits by providing documentation and evidence of compliance related to access control practices.
• Contribute to the definition and continuous improvement of policies, procedures, and standards related to identity and access management (IAM).
• Maintain and update the organizational access control matrix based on roles and
• user profiles, ensuring accuracy and consistency.

What do you need:

• Bachelor’s degree in Systems Engineering, Telecommunications, Electronics, or related fields.
• Experience in access control, identity administration, or role management functions across organizations in various sectors.
• Knowledge of Identity and Access Management (IAM) and Identity Governance and Administration (IGA) solutions.
• Access management experience in operating systems (Windows, Linux, macOS), ERP platforms, core banking systems, and SaaS applications.
• Familiarity with security frameworks and regulations such as ISO 27001, NIST, and PCI.
• Intermediate proficiency in collaborative tools such as Google Workspace and Microsoft Office.
• Desirable experience with automation or scripting tools (e.g., PowerShell, Python).
• Ability to analyze access logs, user activity data, and audit records to identify
• anomalies, inconsistencies, or non-compliance events.
• Proficiency in using data analysis tools (e.g., Excel advanced functions, SQL, or BI
• platforms) to support reporting, investigations, and periodic reviews.