ISO Security Specialist

Job Type: 

Full Time

General Description:

An experienced professional to ensure the security of all information pertinent to the company. Responsible for recommending methods and techniques to achieve optimal results and helping establish a culture of security across the organization. Supports the achievement of compliance and regulatory goals that are based on the high level of security built into our products and services. Creates processes to support high quality security operations, with real-time monitoring of security and compliance in cloud and on-prem environments with a global user community. Highly knowledgeable of the concepts of security, compliance, and risk assessment as well as have the technical ability to converse with other team members about their plans and security concerns. 

Essential Duties and Responsibilities:

• Co-lead the implementation of technical and operational security controls that are considered safeguards and/or countermeasures to prevent unauthorized access, modification and disclosure of data, software and infrastructure.
• Maintain and manage the Vulnerability Management Program and its phases accordingly.
• Engage internal and external resources to collaborate within the Vulnerability Management Program requirements, deliverables and timeframes.
• Assess SecOps factors and facilitate remediation of identified vulnerabilities for security across the enterprise.
• Maintain metrics and statistics of vulnerabilities, in accordance with environmental factors, SLAs, among other program’s requirements and report to management results of efforts and escalate topics accordingly.
• Align security deliverables with legal, regulatory and contractual requirements that conform with security framework and standards such as NIST SP 800-53 rev 4, ISO/IEC 27000 series, OWASP Top 10, among others.
• Establish processes and procedures for continuous monitoring to allow operational visibility in enterprise environments.
• Reports on findings and recommendations for corrective action.
• Performs SecOps related assessments as assigned utilizing security tools and methodologies.
• Identifies opportunities to reduce risk and documents remediation options regarding acceptance or mitigation of security related scenarios.
• Facilitates and monitors performance of remediation tasks, changes related to mitigation factors & reports on findings.
• Maintains oversight of IT and vendors regarding the security maintenance of their systems and applications.
• Provides periodic status reports, including outstanding issues.
• Assist in all Cybersecurity audits, risk assessments and regulatory compliance.
• Serves as SME within security projects and perform security operational defined processes.
• Promote awareness of applicable regulatory standards, upstream risks and industry best practices across the company.
• Address questions from internal and external audits and examinations.
• Create concise and comprehensive reports related to security violations, including recommendations for addressing any identified control weaknesses.
• Periodically discuss any SecOps related event and/or innovative ideas that shall mature the companies’ security measures.
• Participates in pre-defined capacitation training defined by the unit.
• Implements and maintain secure configuration standards for systems, applications, and network devices, ensuring compliance with industry’s best practices and organizational policies.
• Regularly review and update configuration baselines to address emerging threats and vulnerabilities.
• Manages and support Public Key Infrastructure (PKI) operations, including certificate lifecycle management, key generation, distribution, renewal, and revocation.
• Collaborate with IT and application teams to integrate PKI solutions for authentication, encryption, and digital signatures across enterprise platforms.
• Monitors and audit PKI usage to ensure proper security controls and compliance with regulatory requirements.

Education:

Bachelor’s degree in Computer Engineering, Computer Sciences, Information Systems, or related fields.

Experience

Three (3+) years of related experience in designing, managing and improving security processes for vulnerability management, secure configuration, and Public Key Infrastructure (PKI) operations in a complex technological environment.

Certifications / Licenses

Certifications are highly desirable but not required.

CompTIA SEC+, ISC2 SSCP, CISSP, CISM, or vendor-specific PKI certifications. 

Knowledge, Skills and Abilities

• Strong business acumen: ability to understand the needs and concerns of business stakeholders and colleagues and respond promptly and effectively to stakeholder requests. An ability to conduct analysis of work procedures and business results and recommend changes to improve the effectiveness of the business' management.
• Strong technical acumen: knowledge of Cyber Security, Information Security, and Information Technology concepts. Strong knowledge of processes, controls, efficiency metrics and reporting concepts. Ability to write technical instructions using programs and technology. Robust knowledge of applicable local and federal laws, regulations, and guidelines.
• Communication skills: effectively interact with internal and external stakeholders. Ability to foster trusting relationships with colleagues and clients. Highly develop written and verbal communications skills in English. Presents numerical data effectively. Superior communication and interpersonal skills. Excellent report-writing and presentation skills. Polished in preparing presentations, executive summaries, and business reports in English for executive audiences.
• Analytical skills: Stays focused on main issues, prevents irrelevant issues or distractions from interfering with timely completion of assignments. Collects, research and complements data; Synthesizes complex or diverse information. Demonstrates attention to detail; Applies design principles; Generate creative solutions. Strong quantitative, research and analytical skills. Experience with data analysis, persuasive and informative writing, workload management, and process management.
• Problem Solving: Identifies and resolves problems in a timely manner; Develops alternative solutions.
• Project Management: Ability to prioritize and work with multiple projects and tasks with minimum supervision; self-direct and task switch between strategic and tactical initiatives regularly. Capacity to achieve results according to plan ensuring the expected quality. Excellent organization capacity to define priorities, meet deadlines, and flexible to change. Knowledge of project coordination, identification of business needs, work plan, budget control, time management, resource allocation, team management and status reports. Must demonstrate leadership, logic, and reasoning skills. Strong understanding of Agile methodologies, particularly Scrum or Kanban.
• Operational/Regulations Processes: Knowledge of budget administration, resources allocation, organization’s policies, and regulations. Ability to establish, conduct and track operational processes properly.
• Computer and Technological Skills: Proficient in MSO 365. Experience with data management tools such as: Power Pivot and Power BI, among others, is desired. Ability to achieve results by providing innovative ways of working with operational and technological considerations.

Region Locations

Puerto Rico

Work Schedule

Hybrid

Values

1. Passion for People

3. Succeed Together

2. Own Every Moment

4. Build the Future

Additional Requirements

The information provided here is only a general guide as to the nature of the position and does not constitute an exact description of the goals, tasks, duties and responsibilities of the position. The specific details of each position are described in the employee’s performance evaluation.

Important: The candidate must provide evidence of academic preparation or courses related to the job posting, if necessary. 

Important: The candidate must provide evidence of academic preparation or courses related to the job posting, if necessary.

Our hybrid work model benefit applies to certain positions and is subject to changes based on the organizational needs.

Applicants must be authorized to work for any employer in the United States.  This position is not open to applicants who need visa sponsorship or transfer of visa sponsorship at this time.

ABOUT US

Popular is Puerto Rico’s leading financial institution and have been evolving since it was founded over a century ago. From a small bank it has developed into a large corporation that offer a wide variety of services and financial solutions to our customers, with presence in the United States, the Caribbean and Latin America.

As employees, we are dedicated to making our customers dreams come true by offering financial solutions in each stage of their life. Our extensive trajectory demonstrates the resiliency and determination of our employees to innovate, reach for the right solutions and strongly support the communities we serve; therefore, we value their diverse skills, experiences and backgrounds.

We reaffirm our commitment to always offer essential financial services and solutions for our customers and communities, including during emergency situations and/or natural disasters. Popular’s employees are considered essential workers, whose role is critical in the continuity of these important services even under such circumstances. By applying to this position, you acknowledge that Popular may require your services during and immediately after any such events.

If you have a disability or need more information about requesting an accommodation, please contact us at asesorialaboral@popular.com. This email inbox is monitored for such types of requests only. All information you provide will be kept confidential and will be used only to the extent required to provide needed exemptions or reasonable accommodations. Any other correspondence will not receive a response.

Are you ready for a rewarding career?

Popular is an Equal Opportunity Employer, including Disability/Vets
Learn more about us at www.popular.com and keep updated with our latest job postings at www.jobs.popular.com.
Connect with us!
LinkedIn  |   Facebook   |   Twitter   |   Instagram

If you are a California resident, please click here to learn more about your privacy rights.