Qubeyond
[LATAM] Information Security Compliance and Risk Specialist
Qubeyond, Arlington, Virginia, United States, 22201
[LATAM] Information Security Compliance and Risk Specialist
Qus mission is to deliver world class enterprise software to help restaurant chains thrive in the face of increasing complexity, opportunities, and challenges. Based in Rosslyn, VA, Qu is backed by leading Silicon Valley investors that have also backed Google, Uber, and Dropbox. We are seeking an enthusiastic
Information Security Compliance and Risk Analyst
ready to join a talented, hard-working, and ambitious Infosec team. What youll do here As a key contributor to our security and compliance initiatives, you will apply a deep understanding of risk management principles and a strong command of global privacy regulations. Youll bring hands-on experience in designing, implementing, and auditing comprehensive compliance programs aligned with leading industry standards, including PCI DSS, SOC 2, ISO 27001/27002, and the NIST Cybersecurity Framework. In this role, you will work cross-functionally with internal stakeholders to enhance the organizations security posture, ensure adherence to data protection requirements, and drive ongoing improvements in response to evolving regulatory and industry demands. Responsibilities Support the development, implementation, and enforcement of information security policies, standards, procedures, and controls to meet legal, regulatory, and contractual obligations. Assist in evaluating the organizations existing IT architecture against applicable security frameworks (e.g., NIST CSF, NIST 800-53) to ensure compliance and identify areas for enhancement. Oversee and support the implementation of compliance controls and operational processes aligned with recognized security frameworks and best practices. Plan and execute regular internal audits to ensure ongoing compliance with key security standards such as PCI DSS, SOC 2, and ISO/IEC 27001. Enhance and maintain a comprehensive Risk Management and Incident Response framework to ensure effective identification, mitigation, and response to security threats. Conduct audits and assessments to validate adherence to data protection policies and ensure alignment with global privacy and data protection regulations. Design and deliver privacy and security training programs, including awareness campaigns to foster a security-conscious culture across the organization. Monitor regulatory developments and maintain compliance with evolving privacy laws, including but not limited to CCPA, GDPR, PIPEDA (Canada), and LFPDPPP (Mexico). Bachelor's degree in Information Security, Computer Science, or a related field. Minimum of 3-5 years of experience in Information Security, with a focus on GRC, PCI DSS, SOC 2, ISO 27001, and privacy regulations. Knowledge in privacy regulations and data protection laws in the USA (e.g., CCPA, Texas Act), Canada (e.g., PIPEDA), and Mexico (e.g., LFPDPPP). Experience with risk management practices, security audits, and compliance frameworks, including but not limited to NIST, OWASP, SANS, ISO-27001/2, and Cloud Security Alliance. Strong attention to detail and the ability to work independently. Excellent problem-solving skills with a proactive attitude toward risk mitigation. Strong ethical standards and commitment to data security and privacy. Nice to have General knowledge of cloud environments. Experience working with Governance Risk and Compliance technologies. Experience implementing Data Privacy Technologies. Certifications such as CISA, ITIL Expert, Certified Governance Risk and Compliance (CGRC)
#J-18808-Ljbffr
Qus mission is to deliver world class enterprise software to help restaurant chains thrive in the face of increasing complexity, opportunities, and challenges. Based in Rosslyn, VA, Qu is backed by leading Silicon Valley investors that have also backed Google, Uber, and Dropbox. We are seeking an enthusiastic
Information Security Compliance and Risk Analyst
ready to join a talented, hard-working, and ambitious Infosec team. What youll do here As a key contributor to our security and compliance initiatives, you will apply a deep understanding of risk management principles and a strong command of global privacy regulations. Youll bring hands-on experience in designing, implementing, and auditing comprehensive compliance programs aligned with leading industry standards, including PCI DSS, SOC 2, ISO 27001/27002, and the NIST Cybersecurity Framework. In this role, you will work cross-functionally with internal stakeholders to enhance the organizations security posture, ensure adherence to data protection requirements, and drive ongoing improvements in response to evolving regulatory and industry demands. Responsibilities Support the development, implementation, and enforcement of information security policies, standards, procedures, and controls to meet legal, regulatory, and contractual obligations. Assist in evaluating the organizations existing IT architecture against applicable security frameworks (e.g., NIST CSF, NIST 800-53) to ensure compliance and identify areas for enhancement. Oversee and support the implementation of compliance controls and operational processes aligned with recognized security frameworks and best practices. Plan and execute regular internal audits to ensure ongoing compliance with key security standards such as PCI DSS, SOC 2, and ISO/IEC 27001. Enhance and maintain a comprehensive Risk Management and Incident Response framework to ensure effective identification, mitigation, and response to security threats. Conduct audits and assessments to validate adherence to data protection policies and ensure alignment with global privacy and data protection regulations. Design and deliver privacy and security training programs, including awareness campaigns to foster a security-conscious culture across the organization. Monitor regulatory developments and maintain compliance with evolving privacy laws, including but not limited to CCPA, GDPR, PIPEDA (Canada), and LFPDPPP (Mexico). Bachelor's degree in Information Security, Computer Science, or a related field. Minimum of 3-5 years of experience in Information Security, with a focus on GRC, PCI DSS, SOC 2, ISO 27001, and privacy regulations. Knowledge in privacy regulations and data protection laws in the USA (e.g., CCPA, Texas Act), Canada (e.g., PIPEDA), and Mexico (e.g., LFPDPPP). Experience with risk management practices, security audits, and compliance frameworks, including but not limited to NIST, OWASP, SANS, ISO-27001/2, and Cloud Security Alliance. Strong attention to detail and the ability to work independently. Excellent problem-solving skills with a proactive attitude toward risk mitigation. Strong ethical standards and commitment to data security and privacy. Nice to have General knowledge of cloud environments. Experience working with Governance Risk and Compliance technologies. Experience implementing Data Privacy Technologies. Certifications such as CISA, ITIL Expert, Certified Governance Risk and Compliance (CGRC)
#J-18808-Ljbffr