IT Security Manager

Reports to: Colombia and Mexico Business Operations Manager Travel: Occasional international travel (up to 5%) Language: English C1 - MANDATORY About the Role We are an international, IT-focused company seeking an experienced IT Security Manager based in Colombia to lead the security program across all entities and teams. This role will ensure our controls are effectively designed and operated, drive security certification readiness (e.g., ISO/IEC 27001, SOC 2) , and champion secure‑by‑design practices across infrastructure, applications, and data. Fluent English proficiency is mandatory for cross‑border collaboration, documentation, and audits. What You’ll Do: Security Governance & Strategy Define, implement, and maintain the Information Security Management System (ISMS) aligned to industry frameworks (e.g., ISO 27001, SOC 2, NIST CSF, CIS Controls). Develop and maintain security policies, standards, procedures, and playbooks across global entities. Establish security KPIs/OKRs, dashboards, and regular reporting to leadership. Certification & Audit Readiness Own risk assessment and treatment plans (asset‑based and process‑based), including vendor/third‑party risk. Maintain risk registers; perform control testing and maturity assessments. Drive security by design in projects, architecture reviews, and change management. Operational Security Oversee vulnerability management (scanning, prioritization, remediation SLAs) across endpoints, cloud, and application layers. Coordinate incident response: detection, triage, containment, root‑cause analysis, and post‑mortems. Partner with IT/Engineering to harden configurations (Secure baseline, CIS Benchmarks), patching, endpoint protection/EDR, SIEM/SOAR use cases. Compliance & Privacy Align controls with applicable regulations and customer/contractual obligations (e.g., GDPR/UK GDPR, CCPA as relevant). Maintain records of processing, data retention, and breach notification processes in partnership with Legal/Privacy. Training & Culture Lead security awareness, phishing simulations, and role‑based training. Promote a culture of continuous security improvement and accountability across global teams. Minimum Qualifications 5+ years of progressive experience in Information Security, with at least 3 years in a leadership/management capacity. Proven track record delivering or maintaining ISO 27001 and/or SOC 2 certifications in an international environment. Strong knowledge of security frameworks and standards: ISO/IEC 27001/27002, SOC 2 (Trust Services Criteria), NIST CSF, CIS Controls . Hands‑on expertise in one or more: vulnerability management, incident response, cloud security, endpoint security, identity & access management. English: Advanced (C1+) able to lead meetings, write audit‑ready documentation, and negotiate requirements with global stakeholders. Bachelor’s degree in Computer Science, Information Security, Engineering, or equivalent experience. Preferred Qualifications Experience in AWS/Azure/GCP security architecture and guardrails. Familiarity with DevSecOps practices and tooling (SAST/DAST, container security, IaC scanning). Knowledge of privacy and data protection obligations (GDPR, Colombian Habeas Data, cross‑border transfer mechanisms). Background in third‑party risk management and customer assurance due diligence. Working Conditions Remote role based in Colombia with overlap into North America/EMEA time zones as needed. Direct contract, un‑defined term, all the legal benefits. Occasional travel for audits, team offsites, and certifications. Seniority level Director Employment type Full‑time Job function Information Technology Industries Technology, Information and Media #J-18808-Ljbffr