M1 - IT Security Lead - Business Partner

Objective of the Role

As the IT Security Business Partner Lead, you will be responsible for leading the IT security business partnership function within our fintech product development company. This senior role involves managing a team of IT security business partners, ensuring the protection of our infrastructure, cloud environments, development processes, and compliance with regulatory requirements. You will play a critical role in enhancing the security maturity of our products and services, fostering collaboration between IT and security teams, and driving strategic security initiatives.

Main Responsibilities

Strategic Leadership & Partnership

• Act as the primary Information Security representative and strategic consultant, translating security requirements and risks for business, technology, and executive leadership (CTSO/CISO).
• Align the cybersecurity strategy with the company's strategic objectives, ensuring security is integrated into all new business ventures, product development, and technology projects.
• Lead and mentor the Cybersecurity Business Partner team, driving alignment, promoting diversity and inclusion, and continuously managing team performance against key strategic objectives.

Risk Management & Compliance Oversight

• Own the Business Security Risk Landscape: Perform periodic, holistic risk reviews, coordinate mitigation plans with technical teams, and ensure the appropriate level of security maturity across the organization.
• Govern Policies and Audits: Oversee the dissemination of and compliance with Information Security Policies, and lead efforts to meet both internal and external audit requirements and regulatory mandates.
• Develop Business Security Indicators: Design and implement key metrics (KPIs) to measure and report the effectiveness and maturity of the security posture to executive leadership monthly.

Operational Engagement & Incident Response

• Manage Cross-Functional Relationships: Serve as the central liaison and point of contact for key internal departments (e.g., CTSO for operational security, CISO for governance), facilitating seamless communication and collaboration.
• Drive Security Maturity: Ensure proactive vulnerability management and escalate critical threats that jeopardize the Confidentiality, Integrity, and Availability (CIA) of the business to the Monitoring and Response (SOC) team.
• Participate in Incident Response: Provide critical business context and coordination support during security incidents to ensure timely and effective containment and resolution.

Culture, Innovation & Empowerment

• Embed Security Culture: Participate in business committees and rituals to identify emerging security needs, providing training and guidance to stakeholders on best security practices.
• Promote Autonomy and Innovation: Actively foster an autonomous work culture within the team, driving innovation by exploring new security technologies, secure development practices, and industry best practices.

Required Knowledge and Experience

• Bachelor's degree in computer science, Information Technology, or a related field.
• Over 8+ years of experience in managing security controls across various layers: data, end-user devices, cloud, infrastructure, perimeter networks, and web and mobile applications.
• Deep knowledge of security technologies, cryptography, secure development, and application security.
• Familiarity with security audits, regulatory compliance, and security risks.
• Proven experience in project management, including planning, execution, and monitoring of security initiatives.
• Desirable security certifications: CISSP, CISA, CISM, and PCI.
• Intermediate English communication skills.

Spin está comprometida con un lugar de trabajo diverso e inclusivo. 
Somos un empleador que ofrece igualdad de oportunidades y no discrimina por motivos de raza, origen nacional, género, identidad de género, orientación sexual, discapacidad, edad u otra condición legalmente protegida. 
Si desea solicitar una adaptación, notifique a su Reclutador.