IT Risk Specialist

About the Role:

We are a leading fintech company in Mexico, at the forefront of revolutionizing financial services through technology and innovation in Latin America. We are seeking a dynamic and experienced IT Risk Specialist to support the execution of the IT Risk programs and activities within the Non Financial Risk squad in Nu Mexico. This role combines strategic oversight of IT risk management, ensuring our organization is well-positioned to navigate and fight the complexities of the environment.

Key Responsibilities:

• Perform, oversee and provide advisory on the identification, assessment, and mitigation of IT risks, incorporating innovative risk management practices and technology solutions.
• Evaluate existing IT systems, applications (e.g., microservices, webapps, mobile apps, etc.), IT third-party vendors such as SAAS, professional IT services, BPOs, APIs, and telecommunications infrastructure to support the implementation of Risk and Control Self Assessment Program (RCSA).
• Conduct independent control tests to verify the effectiveness of the IT control environment of the company, identify and document IT control gaps, and recommend risk mitigants. 
• Establish and connect action plans for risk mitigation with the risk governance methodology of the firm.
• Execute technology risk assessments on new products & features according to the internal standard methodologies, policies and general practices.
• Generate and submit regulatory reports on IT risk for senior management, regulatory bodies and relevant committees.
• Provide oversight and subject matter expertise in IT and cybersecurity risk during the implementation of new IT systems, telecommunication infrastructure, and third-party services, as well as on relevant changes in existing technology and infrastructures supporting business products in Mexico.
• Monitor Engineering, Data and Cybersecurity incidents, perform independent analysis of root causes and risks, propose action plans to improve the control environment, analyze incident information to generate reports and metrics, and connect the action plans with the risk governance methodology of the firm.
• Support the monitoring of emerging IT & cyber risks, new threats, and infrastructure and application vulnerabilities.
• Enhance and maintain robust frameworks and policies for IT risk management and IT third-party risk management, aligned with global standards and meeting local regulatory requirements.
• Serve as a key advisor to risk leadership and internal stakeholders on IT risk matters, ensuring transparent communication and effective stakeholder management.
• Stay ahead of evolving regulatory guidelines, technological advancements, and industry best practices in risk management, applying insights to strengthen our risk posture.

Requirements:

• Minimum of 5 years of experience in cybersecurity or IT Risk Management.
• Bachelors’ degree in Engineering, Computer Science, Information Technology, a Risk Management related field, or equivalent experience.
• In-depth knowledge of IT and cybersecurity risk management concepts, practices and methods.
• Understanding of cloud computing models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Familiarity with cloud providers like Amazon Web Services (AWS) and serverless technologies.
• Understanding of cybersecurity concepts such as confidentiality, integrity and availability, supply chain risks, cryptography, endpoint and network security, cloud security, mobile security, API security, etc.
• Understanding of DevOps practices and tools used in cloud environments, such as continuous integration/continuous deployment (CI/CD) pipelines and containerization.
• Knowledge of risk management frameworks and methodologies to identify, assess and manage risks.
• Proven experience in risk management within the fintech sector is a plus.
• An advanced degree (e.g., MS with concentration in information systems) is a plus.
• Certificates in information security or IT risk management (CISSP, CEH, OSCP, CISA, CISM, CRISC, ISO27001 and/or other) is a plus.
• Proficiency in using risk management software, tools, and agile methodologies is highly preferred.
• An ability to navigate and thrive in a technology-driven environment, with a strategic mindset towards leveraging technology in risk management to transform our day-to-day.
• Fluent in English and Spanish, with exceptional communication skills to articulate complex risk scenarios and strategies effectively.

Benefits

• Health and life insurance 
• Food card
• 15 days of paid vacation with 25% vacation bonus
• Holiday Bonus ("Aguinaldo") of 30 days of pay per year
• NuCare - Our mental health and wellness assistance program
• NuLanguage - Our language learning program
• Extended maternity and paternity leaves 
• Equity at Nubank

*Interviewing and onboarding are currently done virtually due to COVID-19. Everyone new to the team and our current staff will remain working from home until it is safe to return to our offices. When it’s time, we will require a fixed cadence of visiting the office in which employees go to their Business Unit's (BU) base location. Employees will have an employment contract based on the cities that Nu’s offices are located, considering their country of hire. More details can be shared during your hiring process.