Job Summary

This role is a key contributor to the enterprise cybersecurity governance strategy, responsible for leading initiatives that enhance security awareness, ensure audit preparedness, and strengthen vendor governance. The Senior Compliance Analyst will operate with limited supervision, influence cross-functional teams, and serve as a knowledgeable partner on cybersecurity frameworks, risk mitigation practices, and regulatory compliance.

About the Role

Compliance Leadership
Act as the primary compliance representative, fostering a culture of accountability and proactive risk management through direct engagement with business units.

Policy Governance
Oversee the annual review and enhancement of internal policies in alignment with frameworks such as SCF, PCI DSS, and ISO 27001. Collaborate with stakeholders to ensure policies are current, enforceable, and audit-ready.

Audit & Vendor Governance
Lead coordination of external audit responses and annual vendor risk assessments. Ensure timely and accurate documentation, and drive resolution of compliance gaps across SaaS platforms and third-party engagements.

Security Awareness Strategy
Design and execute enterprise-wide cybersecurity awareness campaigns to elevate participation in security awareness training (SAT). Develop targeted messaging and leverage creative tools and communication strategies to maximize engagement, reinforce secure behaviors, and ensure alignment with organizational risk posture.

Cross-Functional Collaboration
Partner with Legal, Procurement, IT, and business units to ensure compliance messaging is aligned, actionable, and well-integrated into operational workflows.

Reporting & Metrics
Maintain dashboards and executive summaries on training completion, audit status, and vendor compliance. Provide insights and recommendations to leadership for continuous improvement.

Skills & Experience

Experience: 3+ years
Education: Bachelor/university degree in business, information systems, cybersecurity, or a related field
License/Certification: Certified Information Systems Security Professional (CISSP) preferred
Language: Fluent reading, writing, and speaking in English. All resumes need to be submitted in English.

Additional Skills & Abilities

Demonstrated expertise in regulatory frameworks (PCI DSS, NIST CSF, ISO 27001) and GRC tools (e.g., OneTrust).
Strong leadership, communication, and stakeholder management skills.
Proven ability to manage complex projects, influence without authority, and drive cross-functional outcomes.
Creative thinker with experience in campaign development.

This job requires on-site work at a Mary Kay facility.

Job Locations: Mexico Main Office
Position: Information Systems and Technology
Travel: No