[Hiring] Cybersecurity Risk Management Senior Analyst @HireLATAM

Role Description

Our Client is seeking a Cybersecurity Risk Management Senior Analyst to drive the GRC function within a large-scale enterprise environment. This is a high-impact position responsible for assessing technology risks across multiple markets and business units. The Senior Analyst will work cross-functionally with cloud, legal, audit, and technology teams to evaluate control effectiveness and document risk exposure. This role is ideal for a professional with deep analytical capabilities and practical experience navigating complex cybersecurity frameworks in a regulated industry.

Key Responsibilities

• Cybersecurity Risk Assessments:
  • Conducts comprehensive risk assessments for applications, infrastructure, cloud environments (SaaS/IaaS), and strategic technology initiatives.
  • Evaluates cybersecurity, operational, resiliency, and data protection risks to determine inherent and residual exposure.
  • Supports risk treatment planning and tracks remediation activities to ensure security gaps are closed.
• Third-Party & Vendor Risk Management:
  • Leads cybersecurity due diligence for vendors, reviewing SOC reports, ISO certifications, and penetration testing summaries.
  • Identifies security gaps in third-party environments and provides actionable mitigation recommendations.
  • Monitors ongoing vendor security posture and supports the onboarding of new service providers.
• Governance, Reporting & Compliance:
  • Maintains and updates enterprise cybersecurity risk registers, ensuring all risks are prioritized and assigned.
  • Develops executive-level risk metrics, dashboards, and Key Risk Indicators (KRIs) for technical and non-technical stakeholders.
  • Supports internal and external audits, assisting with evidence collection and documentation management.
  • Aligns organizational initiatives with frameworks such as ISO 27001, NIST CSF, PCI DSS, and SOC 2.

Qualifications

• Education: Bachelor’s degree in Cybersecurity, Information Technology, Engineering, or Risk Management.
• Experience: 6+ years in cybersecurity risk management, IT audit, or security compliance.
• Core Expertise: Mandatory experience performing cybersecurity and technology risk assessments in an enterprise environment.
• Technical Knowledge: Strong understanding of cloud security, Identity & Access Management (IAM), vulnerability management, and data privacy.
• Language: Professional proficiency in English (Mandatory) and Spanish.
• Frameworks: Familiarity with ISO 27001, NIST CSF, COBIT, and PCI DSS.

Requirements

• Preferred Qualifications:
  • Professional certifications: CRISC, CISA, CISSP, or ISO 27001 Lead Auditor.
  • Experience in telecommunications, financial services, or other highly regulated sectors.
  • Proficiency with GRC platforms such as Archer, AuditBoard, or ServiceNow.
  • Exposure to cyber risk quantification methodologies.

Benefits

• Enterprise Scale: Opportunity to work on massive, regional cybersecurity initiatives across multiple operating markets.
• Professional Growth: Direct exposure to enterprise-level GRC strategy and senior leadership reporting.
• Remote Flexibility: Dedicated professional services role with a remote/hybrid model depending on location.
• Multicultural Environment: High-visibility role working across the Latin American and Caribbean regions.