Cybersecurity Manager at Qualifinds®

Job Objective: 

The CyberSecurity Manager will be responsible for ensuring regulatory compliance in Information Security and Cybersecurity within the Mexican regulatory framework (CNBV, Banxico/SPEI), as well as strengthening the governance, risk, and control (GRC) model to protect the organization’s information assets.

This role will act as the Information Security Officer before regulators, leading the compliance strategy, ensuring the proper implementation of controls based on international standards, and enabling secure business operations. Additionally, this position will serve as a key partner to technology and operations teams in designing security controls and managing risks in dynamic and highly regulated environments.

Responsibilities:

• Perform the duties of the Information Security Officer to address regulatory requirements (CNBV, Banxico), serving as the role holder.
• Ensure the information security strategy remains up to date to leverage new technology and evolving threat intelligence.
• Manage regulatory compliance (IFPE, CNBV, BANXICO, financial entity, among others); implement internal control and a testing model for regulations applicable to financial services and technology.
• Define and maintain the Information Security and Cybersecurity practice based on international standards (ISO 27001, ISO 27002, ISO 27017, ISO 27032, NIST CSF, NIST 800-53, CIS Controls, PCI DSS).
• Ensure management of regulatory and information security risks; maintain a comprehensive risk management model and collect information required for regulatory reporting.
• Define, implement, and keep up to date a security dashboard with key indicators applied to products and technology.
• Support third-party selection processes and perform second-line reviews of third-party security compliance.
• Partner with operations/technology teams to design security controls ensuring adherence to information security policies and best practices across products, applications, tools, and infrastructure.
• Manage security alerts communicated by regulators or other sources, and manage information security incidents across identification, protection, detection, response, and recovery stages.
• Validate and approve completion of corrective measures to address improvement areas and audit findings related to technology infrastructure and information security.
• Support ongoing supervision activities, including regulatory examinations, ensuring compliance with all regulatory reporting obligations.
• Serve as the point of contact for regulatory inquiries regarding Information Security related to the organization’s products, services, and activities.
• Maintain strong industry knowledge of regulations, changes, trends, and the impact of Mexican regulations on the business.
• Ensure appropriate processes exist for the timely and accurate submission of regulatory reports.
  
   

Requirements:

• Bachelor’s degree in Computer Systems Engineering, Computer Science, or a related field. A relevant financial certification is a plus.
• 5+ years designing and implementing the security scheme and addressing operational requirements for Electronic Payment Funds Institutions (IFPE).
• 5+ years implementing Information Security and Cybersecurity best practices: definition, implementation, and continuous assessment of controls, policies, and procedures (e.g., ISO 27001, ISO 27002, ISO 27032, NIST CSF, CIS Controls, PCI DSS).
• 3+ years managing compliance programs for technology and information security regulatory matters within the financial industry or regulated payments/financial services in Mexico (digital bank, IFPE, financial institutions, banking correspondents, SPEI participants).
• 3+ years designing and implementing the security scheme and addressing regulatory requirements applicable to financial entities/societies.
• 3+ years of experience in technology risk and information security risk management.
• Experience engaging with regulators and preparing materials, acting as the lead for regulatory requirements, internal control, and compliance for SPEI (Information Security Officer).
• Proven capability to manage third-party/vendor information security for IFPE services, technology, and processes requiring security assessment.
• Expert knowledge and experience with enterprise security technologies, tools, and services for cybersecurity and data protection (cloud, IT infrastructure, networks, applications, mobile, endpoint).
• Highly organized, strong attention to detail, and able to manage multiple initiatives while meeting tight deadlines.
• Proven ability to lead meetings with financial regulators and senior executives.
• Proactive, time-sensitive, and results-driven approach to responsibilities.
• Ability to adapt to changing business and regulatory environments.
• Unquestionable ethics and integrity; commitment to inclusion and trust.
• Ability to work independently with limited supervision.
• Exceptional analytical and problem-solving skills.
• Ability to communicate complex ideas clearly and effectively.
• Adapt to cross-cultural and time zone international working environments.
• Excellent communication skills, optimistic and upward, strong self-motivation, ability to withstand pressure, and self-reflection consciousness.
• Mandatory: Native or fluency in Spanish and English.
• Preferred: Conversational in Chinese (Mandarin).

Technical knowledge:

• Regulatory compliance (IFPE, CNBV, BANXICO, financial entity, among others) 
• Security frameworks and control baselines: ISO 27001/27002/27017/27032, NIST CSF, NIST SP 800-53, CIS Controls. 
• PCI DSS fundamentals and practical application within card data environments. 
• Risk management and GRC: risk assessments, control design/testing, evidence management, and remediation tracking. 
• Cloud security (IaaS/PaaS/SaaS) and secure architecture concepts for modern environments. 
• Security monitoring and incident management lifecycle: detection, response, recovery, and post-incident improvement. 
• Third-party security management: due diligence, contractual security requirements, and ongoing assurance. 
• Security metrics and dashboards (KPIs/KRIs) for products and technology

Perks

Labor Hours: Monday to Friday 9:00 am to 6:00 pm (time availability)

Modality: Full-time, Payroll, Hybrid in Mexico City (3 days onsite)

Salary: $150,000 MXN Gross Monthly

Open Positions: 1

Competitive salary

Major Medical Insurance: 100% coverage for the employee and 50% for dependents
Life Insurance
30 days of Christmas bonus (aguinaldo)
80% vacation premium on 12 vacation days, plus 1 PTO day per month
Savings Fund: 13%
Grocery vouchers (capped)

Annual performance bonus:

• 10% for individual contributors
• 15% for managers
• Calculated based on both individual performance and company performance
  
   

Additional note:

The company's performance multiplier was 103% this year and has averaged around 100% over the past 4 years.

About the company

The company is Mexico’s leading digital payments and commerce platform, dedicated to empowering businesses to interact and transact more effectively with their customers through innovative technologies and best-in-class service. Founded in 2012, the company has built a comprehensive ecosystem of financial solutions that help small and mid-sized businesses accept digital payments, sell online, access credit, and streamline their operations.

Driven by a mission to expand financial inclusion, the company enables millions of merchants—many of whom previously operated in cash—to participate in the digital economy with secure, reliable, and easy-to-use tools. Today, the company is recognized as one of the most valuable fintech brands in Mexico and continues to drive digital transformation across the country.

Location: Hybrid in Mexico City