IT Information Security Manager
Island Finance is not only a financial company committed to the future of Puerto Rico; it also works every day to offer the highest quality of service and has reached out to thousands of clients when they needed it most, while maintaining a positive and dynamic work environment with a team committed to giving its best.
We are the financial company of the 21st century, with over five decades of helping you realize your dreams, because one thing does not change: sixty-five years later, we are still here...
We deeply appreciate your support and reaffirm our commitment. That's why, with us... Yes, you can!
General Job Summary
Accountable for defining, executing, and maturing the institution’s enterprise cybersecurity program, protecting the confidentiality, integrity, and availability of information and critical services. Leads governance, risk, and compliance (GRC), cloud security (OCI/AWS), security operations (SIEM/EDR/DLP), identity and access management (IAM/PAM), incident response, and business continuity—ensuring financial‑sector regulatory compliance and safeguarding sensitive client and investor data.
Essential Functions
People, Strategy, Governance, and Risk (GRC)
- Manage the Information Security Unit: define the strategy, team roles and responsibilities, staff development, performance objectives, and the metrics used to track execution.
- Define the cybersecurity strategy and roadmap based on NIST CSF / ISO 27001 / COBIT, with KPIs/OKRs, budget, and executive metrics.
- Establish and maintain policies, standards, and procedures (access, encryption, data classification/retention, secure SDLC, third parties, DR/BCP).
- Drive integrated risk management: risk register, periodic assessments, risk appetite, treatment plans, and reporting to Risk Committee/Executive leadership.
Regulatory Compliance and Privacy (Financial Sector)
- Ensure compliance with GLBA, FFIEC, PCI DSS, SOX‑ITGC, ISO 27001, OCIF/FDIC guidelines, and privacy frameworks (GDPR/CCPA, as applicable).
- Coordinate internal/external audits and regulatory exams; remediate findings and evidence controls, documentation, and metrics.
- Govern third parties and critical vendors (TPRM): due diligence, security/SLA clauses, SOC 1/2 reviews, escalations, and continuity.
Security Architecture and Operations
- Design and implement Zero Trust architectures, segmentation, SASE/CASB, WAF, encryption in transit and at rest, KMS/HSM, and centralized telemetry.
- Govern the security stack (e.g., SIEM, EDR, DLP, EPP, Microsoft Defender, Fortinet, email security, MDM) and automation (SOAR) to reduce MTTR.
- Lead vulnerability and patch management (e.g., Qualys): continuous scanning, risk‑based prioritization (CVSS/EPSS), remediation SLAs, and validation.
- Coordinate penetration tests/Red Team and hardening aligned to CIS/NIST benchmarks.
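The vulnerability-management bullet above asks for risk-based prioritization (CVSS/EPSS) with remediation SLAs. The following is an added illustration, not code from Island Finance or from any scanner vendor: it takes a handful of constructed findings (placeholder IDs and hosts, not real scan output), assigns a remediation tier from exploit likelihood first and severity second, computes each finding's SLA due date, and produces the per-tier open/overdue counts that a risk committee would see. The tier thresholds and SLA days are a hypothetical policy, not a standard.

```python
from datetime import date, timedelta

# Hypothetical remediation policy: days allowed per tier, measured from first detection.
SLA_DAYS = {"critical": 7, "high": 30, "medium": 90, "low": 180}

# Constructed "as of" date for the review run.
TODAY = date(2024, 3, 20)

# Constructed sample findings (not real scan data). Fields mirror what a scanner export
# joined with an EPSS feed provides; identifiers and hosts are placeholders.
FINDINGS = [
    {"id": "F-1", "host": "web-01", "cvss": 9.8, "epss": 0.91, "internet_facing": True,  "first_seen": date(2024, 3, 1)},
    {"id": "F-2", "host": "db-01",  "cvss": 9.1, "epss": 0.02, "internet_facing": False, "first_seen": date(2024, 3, 10)},
    {"id": "F-3", "host": "vpn-01", "cvss": 7.5, "epss": 0.64, "internet_facing": True,  "first_seen": date(2024, 3, 12)},
    {"id": "F-4", "host": "hr-app", "cvss": 6.5, "epss": 0.01, "internet_facing": False, "first_seen": date(2024, 1, 5)},
    {"id": "F-5", "host": "kiosk",  "cvss": 3.1, "epss": 0.00, "internet_facing": False, "first_seen": date(2023, 6, 1)},
]


def tier(finding):
    """Assign a remediation tier. Exploit likelihood (EPSS) drives the decision first,
    raw severity (CVSS) second, and internet exposure escalates a critical-severity CVSS.
    Thresholds are a hypothetical policy for this example."""
    if finding["epss"] >= 0.5 or (finding["cvss"] >= 9.0 and finding["internet_facing"]):
        return "critical"
    if finding["epss"] >= 0.1 or finding["cvss"] >= 7.0:
        return "high"
    if finding["cvss"] >= 4.0:
        return "medium"
    return "low"


def prioritize(findings, today):
    """Return findings annotated with tier, SLA due date and overdue flag, most urgent first."""
    order = {"critical": 0, "high": 1, "medium": 2, "low": 3}
    rows = []
    for f in findings:
        t = tier(f)
        due = f["first_seen"] + timedelta(days=SLA_DAYS[t])
        rows.append({**f, "tier": t, "due": due, "overdue": today > due})
    # Within a tier, the more likely-to-be-exploited and more severe items come first.
    rows.sort(key=lambda r: (order[r["tier"]], -r["epss"], -r["cvss"], r["due"]))
    return rows


def sla_report(findings, today):
    """Per-tier count of open findings and of SLA breaches: the KPI reported upward."""
    report = {t: {"open": 0, "overdue": 0} for t in SLA_DAYS}
    for r in prioritize(findings, today):
        report[r["tier"]]["open"] += 1
        report[r["tier"]]["overdue"] += int(r["overdue"])
    return report


if __name__ == "__main__":
    for r in prioritize(FINDINGS, TODAY):
        flag = "OVERDUE" if r["overdue"] else "ok"
        print(f'{r["id"]:4} {r["host"]:7} {r["tier"]:8} cvss={r["cvss"]:<4} epss={r["epss"]:<5} due={r["due"]} {flag}')
    print(sla_report(FINDINGS, TODAY))
```

Note that F-2 (CVSS 9.1, internal, EPSS 0.02) lands below F-3 (CVSS 7.5, internet-facing, EPSS 0.64): sorting by CVSS alone would have put the less exploitable finding first, which is the point of adding EPSS and exposure to the ranking.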
Cloud Security (OCI / AWS)
- Design and operate security in OCI and AWS: CSPM, cloud IAM, secure networks (VPC/VNet), container security, secrets/keys, logging, and alerting.
- Ensure VPN/SD‑WAN connectivity and edge controls, with event logging and detections centralized in the SIEM.
Identity and Access Management (IAM/PAM)
- Govern SSO, MFA, RBAC/ABAC, the joiner-mover-leaver lifecycle, access reviews, and PAM (privileged accounts), integrating AD/Azure AD and cloud directories.
- Enforce segregation of duties (SoD) and least privilege across all critical systems.
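The joiner-mover-leaver, access-review, SoD and least-privilege duties above are easiest to see as one periodic check over identity and entitlement data. The following is an added example, not Island Finance's own tooling: it runs over a constructed HR feed and entitlement list (placeholder users and roles, not real directory data), and flags orphaned accounts, leavers who still hold access, segregation-of-duties conflicts, and privileged roles held as standing access rather than through PAM check-out. The SoD matrix and the privileged-role set are a hypothetical policy.

```python
from collections import defaultdict

# Constructed sample data (not from any real directory). USERS stands in for the HR feed
# that drives joiner-mover-leaver; GRANTS for entitlements pulled from AD / cloud IAM.
USERS = {
    "alice": {"status": "active",     "department": "finance"},
    "bob":   {"status": "terminated", "department": "sales"},
    "dave":  {"status": "active",     "department": "it"},
    "erin":  {"status": "active",     "department": "it"},
}
GRANTS = [
    {"user": "alice",      "role": "ap_create_vendor",   "via": "direct"},
    {"user": "alice",      "role": "ap_approve_payment", "via": "direct"},
    {"user": "bob",        "role": "crm_read",           "via": "direct"},
    {"user": "dave",       "role": "domain_admin",       "via": "direct"},
    {"user": "erin",       "role": "domain_admin",       "via": "pam"},
    {"user": "svc-legacy", "role": "crm_read",           "via": "direct"},
]

# Hypothetical policy: role pairs no single identity may hold (SoD), and roles that may
# only be exercised through PAM check-out, never held as standing access.
SOD_CONFLICTS = [frozenset({"ap_create_vendor", "ap_approve_payment"})]
PRIVILEGED_ROLES = {"domain_admin"}


def access_review(users, grants, sod_conflicts, privileged_roles):
    """Return the findings an access-review campaign would route to owners, one dict each:
    orphan (no HR record), leaver (inactive but entitled), sod (conflicting roles),
    standing_privilege (privileged role granted directly instead of via PAM)."""
    roles = defaultdict(set)
    direct_priv = defaultdict(set)
    for g in grants:
        roles[g["user"]].add(g["role"])
        if g["role"] in privileged_roles and g["via"] != "pam":
            direct_priv[g["user"]].add(g["role"])

    findings = []
    for user in sorted(roles):
        rec = users.get(user)
        if rec is None:
            findings.append({"user": user, "kind": "orphan",
                             "detail": "no HR record; revoke or register as a service account"})
        elif rec["status"] != "active":
            findings.append({"user": user, "kind": "leaver",
                             "detail": f'{rec["status"]} but still holds {sorted(roles[user])}'})
        for pair in sod_conflicts:
            if pair <= roles[user]:
                findings.append({"user": user, "kind": "sod",
                                 "detail": f"holds conflicting roles {sorted(pair)}"})
        if direct_priv.get(user):
            findings.append({"user": user, "kind": "standing_privilege",
                             "detail": f"{sorted(direct_priv[user])} granted directly instead of via PAM"})
    return findings


if __name__ == "__main__":
    for f in access_review(USERS, GRANTS, SOD_CONFLICTS, PRIVILEGED_ROLES):
        print(f'{f["user"]:11} {f["kind"]:19} {f["detail"]}')
```

In practice the HR feed and the entitlement export come from different systems, so the "orphan" and "leaver" cases are exactly the gaps a joiner-mover-leaver process is meant to close; erin's PAM-brokered domain_admin produces no finding, which is the least-privilege model the role describes.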
Incident Response
- Maintain the IRP (Incident Response Plan) with playbooks and SOC runbooks; coordinate with Legal/Communications and regulatory notification as required.
- Lead digital forensics, root-cause analysis, and lessons learned with improvement plans.
Business Continuity
- Co-lead BCP/DR with Technology and Operations: BIA, RTO/RPO, and periodic multi-site/multi-region exercises (on-prem/cloud).
Vendor & Cost Management
Documentation & Continuous Improvement (BAU)
Leadership, Team, and Vendors
Requirements
- Bachelor’s degree in engineering (Computer/Telecommunications/Electrical) or Computer Science, or equivalent experience.
- 7–10+ years in cybersecurity/GRC/architecture, with 3+ years leading security or SOC teams.
- Experience in financial services and regulated environments; direct interaction with auditors and regulators.
- Implementation of NIST CSF/ISO 27001, PCI DSS, and cloud‑security practices (OCI/AWS).
- A balanced mix of technical expertise, business acumen, and leadership skills, sufficient to manage the organization's strategic security posture.
- Bilingual (Spanish and English).
- Customer-focused and service-oriented.
- Strong verbal, written, and negotiation skills to retain the existing customer base.
- SIEM, EDR, DLP, SOAR, IAM/PAM, data governance, encryption, WAF, CSPM, SASE/CASB, DevSecOps, and secure SDLC.
- Networks and perimeter controls; Zero Trust, segmentation, VPN/SD‑WAN.
- Incident handling and forensics; vulnerability platforms (e.g., Qualys).
- Fortinet NSE 4/7 or higher; Cisco CCNA/CCNP; CompTIA Network+/Security+; ITIL v4 Foundation.
- Cloud certifications with networking emphasis: AWS (Advanced Networking/SAA), OCI (Networking/Architecture).
Certifications (preferred/strong)
- PCI-ISA/PCIP, GIAC (GCIH/GCIA/GPEN), AWS Security Specialty / OCI Architect/Professional, ITIL v4.
Competencies
- Critical thinking, risk-based prioritization, results orientation; bilingual Spanish/English.
Conditions
- Successful background check per internal and regulatory policies.
Island Finance is an Equal Opportunity Employer
Learn more about us at Island Finance and keep updated with our latest job postings at Island Finance Empleos
Connect with us!
LinkedIn | Facebook