Country/Region:  MX
Requisition ID:  12723
Work Model:  Hybrid
Position Type:  Contract
Salary Range: 

Title:  Subcontractor



The ideal candidate will have expertise in various risk management frameworks, including NIST CSF, ISO 31000, RMF, ISO 27001, SOC 2, ISO 27036 for third-party risk management, as well as a strong understanding of cybersecurity principles, excellent business acumen, and experience in conducting vendor and supply chain risk assessments.


  1. Risk Assessment: Conduct comprehensive risk assessments across various aspects of the organization, including information security, operational, financial, and strategic areas.
  2. Framework Implementation: Shall have experience assessing, implementing and maintaining risk management frameworks, including NIST CSF, ISO 31000, RMF, ISO 27001, SOC 2, and ISO 27036, to ensure compliance and alignment with industry standards. Shall be able to understand SOC 2 Type 2 reports and recommend appropriate actions to the relevant stakeholders.
  3. Vendor and Supply Chain Risk: Assess and manage vendor and supply chain risks by conducting thorough risk assessments, due diligence, and ongoing monitoring.
  4. Third-Party Risk Management: Implement ISO 27036 standards for third-party risk management and ensure that third-party relationships comply with our security and risk management requirements.
  5. Security Compliance: Work closely with internal teams and third-party vendors to ensure compliance with ISO 27001 standards and assist in the development and maintenance of security policies and procedures.
  6. Incident Response: Develop and maintain incident response plans, participate in incident response activities, and provide recommendations for process improvement. Shall be able to adapt to the existing tools and procedures, and to suggest process improvements for incident handling.
  7. Cybersecurity Knowledge: Stay updated on the latest cybersecurity threats, trends, and best practices, and integrate this knowledge into risk assessments and mitigation strategies. Shall have experience providing threat intelligence relevant to ongoing business activities.
  8. Risk Mitigation: Collaborate with cross-functional teams to develop and implement risk mitigation strategies and action plans, particularly related to vendor and supply chain risks. Shall be able to develop the risk register and implement the corresponding risk mitigation plans.
  9. Monitoring and Reporting: Continuously monitor risk factors, perform risk assessments, and provide regular reports and updates to senior management.
  10. Business Acumen: Understand the company's business goals and objectives, align risk management strategies with business priorities, and contribute to informed decision-making.


  • Proven 4 to 5 years’ experience in risk management with a focus on NIST CSF, ISO 31000, RMF, ISO 27001, and SOC 2.
  • Strong understanding of cybersecurity principles, best practices, and industry standards.
  • Excellent analytical and problem-solving skills with a keen attention to detail.
  • Effective communication and interpersonal skills to collaborate with cross-functional teams.
  • Ability to work independently and efficiently, manage multiple tasks, and meet deadlines.
  • Relevant certifications such as Certified Information Systems Security Professional (CISSP), Certified Information Security Manager (CISM), Certified Risk Management Professional (CRMP), Certified in Risk and Information Systems Control (CRISC) or Security+ are a plus.