About Baubap
We are a fast-growing, Mexican fintech startup with the mission to become the bridge to people’s financial freedom through technology.
We are providing microloans to people in financial need through a fast and efficient process, always treating them with the respect and dignity they deserve.
Our long-term vision is to be the most inclusive digital bank in LATAM with more than 2.5 million clients.
About your role
As a Senior Security Engineer, you will serve as our security subject matter expert, playing a critical role in protecting our organization's digital assets. Your responsibilities extend beyond implementing advanced security protocols to effectively communicating complex security concepts to both engineers and non-engineers.
In this key position, you will oversee our security vendors, manage security policies and incidents, and lead the implementation of security tools. Ensuring compliance with top-tier IT security standards such as CIS-18, ITIL4, and DevSecOps, you will safeguard our growing client base and credit portfolio.
Objectives
- Vendor Management: Oversee and manage relationships with security vendors, ensuring they meet our security standards and contribute effectively to our security posture.
- Evaluation and Recommendation of Security Tools: Continually assess and recommend security tools, technologies, and processes that will enhance the organization's security posture.
- Security Tool Implementation: Lead the selection and implementation of security tools, ensuring they integrate seamlessly into our systems and enhance our security measures.
- Design and Implement Robust Security Architecture: Develop and implement systems that can effectively defend against threats. These systems should incorporate the latest security protocols and tools.
- Conduct Regular Security Assessments: Regularly perform system testing to ensure the effectiveness of security measures. This can include penetration testing, vulnerability assessments, and security audits.
- Maintain Awareness of Latest Security Threats and Developments: Stay up to date with the latest cybersecurity threats, vulnerabilities, and trends. This information should guide the update and refinement of the organization's security systems.
- Incident Response and Recovery: Develop and implement procedures for responding to security incidents and for restoring operations in the event of an attack or disaster. This includes creating a detailed incident response plan.
- Promote Security Best Practices: Encourage a culture of security consciousness within the organization. This can involve developing and delivering training sessions to educate staff on security best practices and potential risks.
- Compliance and Governance: Ensure that all security policies, procedures, and systems are in compliance with relevant laws, regulations, and standards. This might involve regular audits and documentation.
- Security Culture and Strategy: Implement training plans and strategies to integrate security into organizational processes.
Responsibilities
- System Design and Implementation: Develop and execute robust security infrastructures to safeguard the organization from cyber threats.
- Security Monitoring: Oversee security access and conduct assessments to identify potential vulnerabilities.
- Vendor Oversight: Manage security vendor relations and performance.
- Incident Management: Lead the response to security breaches and coordinate recovery actions.
- Security Training and Policies: Develop and enforce security policies, conduct employee training, and foster a security-conscious culture.
- Technology Evaluation: Assess and recommend security products to strengthen the organization's defenses.
- Collaboration: Work with different departments to incorporate security practices into daily operations.
- Compliance and Certification: Guide the pursuit of CIS SecureSuite Certification and ensure regulatory compliance.
Requirements
- Bachelor’s or Master’s degree in Computer Science, Information Technology, Cybersecurity, or a related field, or equivalent experience.
- 7+ years of experience in IT security, with a proven track record of leading security projects and teams.
- Recognized certifications in cybersecurity, such as Certified Information Systems Security Professional (CISSP), Certified Ethical Hacker (CEH)