This role is a key contributor to the enterprise cybersecurity governance strategy, responsible for leading initiatives that enhance security awareness, ensure audit preparedness, and strengthen vendor governance. The senior compliance analyst will operate with limited supervision, influence cross-functional teams, and serve as a knowledgeable partner on cybersecurity frameworks, risk mitigation practices, and regulatory compliance.
about the role
* compliance leadership
* act as the primary compliance representative, fostering a culture of accountability and proactive risk management through direct engagement with business units.
* policy governance
* oversee the annual review and enhancement of internal policies in alignment with frameworks such as SCF, PCI DSS, and ISO 27001. Collaborate with stakeholders to ensure policies are current, enforceable, and audit-ready.
* audit & vendor governance
* lead coordination of external audit responses and annual vendor risk assessments. Ensure timely and accurate documentation, and drive resolution of compliance gaps across SaaS platforms and third-party engagements.
* security awareness strategy
* design and execute enterprise-wide cybersecurity awareness campaigns to elevate participation in security awareness training (SAT). Develop targeted messaging and leverage creative tools and communication strategies to maximize engagement, reinforce secure behaviors, and ensure alignment with organizational risk posture.
* cross-functional collaboration
* partner with legal, procurement, IT, and business units to ensure compliance messaging is aligned, actionable, and well-integrated into operational workflows.
* reporting & metrics
* maintain dashboards and executive summaries on training completion, audit status, and vendor compliance. Provide insights and recommendations to leadership for continuous improvement.
skills & experience
experience: 3+ years
education: bachelor/university degree in business, information systems, cybersecurity, or a related field
license/certification: Certified Information Systems Security Professional (CISSP) preferred
language: fluent reading, writing, and speaking in English. All resumes need to be submitted in English.
* additional skills & abilities
* demonstrated expertise in regulatory frameworks (PCI DSS, NIST CSF, ISO 27001) and GRC tools (e.g., OneTrust).
* strong leadership, communication, and stakeholder management skills.
* proven ability to manage complex projects, influence without authority, and drive cross-functional outcomes.
* creative thinker with experience in campaign development.
additional information:
* English proficiency
* share your resume in English
* opportunity to work in Monterrey (Purple Towers)
* hybrid work model: 3 days on site, 2 days home office
* direct hire with the client from day one