• Work closely with Engineering, Product and DevOps teams to ensure security is embedded into products, platforms, and operational processes from early design stages through delivery and release cycles • Participate in product discovery, architecture discussions, sprint planning, change management, and release processes to ensure security requirements are addressed early and do not become delivery blockers • Collaborate with Compliance and Legal teams to align local regulatory requirements with product and engineering roadmaps • Implement and maintain controls required by CNBV, PCI DSS, and other applicable local regulatory obligations, ensuring continuous compliance • Implement central information security policies and develop country-specific procedures and controls in coordination with local compliance stakeholders • Integrate secure development practices into the SDLC, including architecture reviews, threat modeling, vulnerability management, and security checkpoints within delivery pipelines • Improve security monitoring capabilities and SOC coverage for the local IT environment, including configuring monitoring rules and defining incident escalation procedures • Lead incident response activities, coordinate investigations with engineering and product teams, conduct root cause analysis, and organize post-incident awareness sessions • Manage and operate local Data Loss Prevention (DLP) solutions and related processes • Develop, maintain, and test Disaster Recovery Plans (DRP), including organizing annual recovery exercises • Establish and operate vulnerability management processes, including regular scanning, prioritization of findings, and tracking remediation efforts • Define and deliver regular security reporting and metrics to local business leadership and the central CISO organization • Organize and coordinate annual assessments of the cybersecurity management system and support remediation planning

• Design and implement comprehensive BCP/DR programs aligned with industry frameworks (ISO 22301, NIST SP 800-34, ISO 27001) • Conduct Business Impact Analyses (BIA) to identify critical business functions, dependencies, and recovery priorities • Define and maintain Recovery Time Objectives (RTO) and Recovery Point Objectives (RPO) for all critical systems and services • Develop and maintain disaster recovery playbooks and runbooks for various incident scenarios • Create and manage crisis communication frameworks for security incidents and business disruptions • Lead tabletop exercises and disaster recovery drills to validate recovery procedures • Design and implement backup and recovery solutions for AWS cloud infrastructure (primary focus) • Build automated backup workflows for databases, storage systems, applications, and configurations • Implement immutable backup strategies and offsite replication for ransomware resilience • Monitor backup operations, validate recovery procedures, and maintain backup integrity • Optimize backup windows, retention policies, and storage costs across cloud environments • Implement Infrastructure as Code (IaC) for DR environment provisioning and configuration management • Develop automated failover and failback procedures for critical services • Design and maintain hot/warm/cold standby environments based on business requirements • Conduct regular disaster recovery testing and document test results with improvement recommendations • Build monitoring and alerting systems for backup health, replication lag, and recovery readiness • Maintain detailed recovery documentation including network diagrams, dependency maps, and configuration details • Coordinate with application teams to ensure application-consistent backups and recovery procedures • Ensure BCP/DR programs meet regulatory requirements and customer commitments • Maintain comprehensive documentation of recovery procedures, test results, and capability assessments • Track and report on key resilience metrics including RTO/RPO achievement, test success rates, and recovery drills • Coordinate with internal audit and compliance teams during assessments • Participate in vendor risk assessments for third-party backup and recovery solutions

• Serás responsable de liderar la definición funcional y la evolución de productos digitales para un cliente del sector bancario • Actuarás como puente entre negocio y tecnología, asegurando que el equipo entregue valor continuo mediante una gestión clara del backlog, criterios de aceptación bien definidos y una visión alineada con objetivos del negocio, cumplimiento y experiencia del cliente • Levantar y traducir necesidades del negocio en épicas, features y user stories claras y accionables • Priorizar el backlog con foco en valor, riesgo, dependencias y cumplimiento normativo • Definir objetivos, roadmap y alcance por releases junto a stakeholders • Elaborar requerimientos funcionales (flujos, reglas de negocio, excepciones) y criterios de aceptación • Asegurar consistencia del producto: journeys, casos borde, reglas transaccionales, mensajes al usuario • Validar entregables con negocio (UAT), asegurar trazabilidad y apoyar al equipo QA • Facilitar workshops con áreas bancarias (canales, operaciones, riesgo, cumplimiento, tecnología) • Gestionar expectativas, dependencias y decisiones, comunicando avances y riesgos de forma oportuna • Participar activamente en ceremonias ágiles (refinamiento, planning, daily, review, retrospectiva) • Apoyar al equipo de desarrollo resolviendo dudas funcionales y manteniendo el alcance claro

• Play a critical role in maturing the security posture of our organization's endpoint infrastructure including the design, configuration, integration and deployment of enterprise security software and infrastructure • Deploy and maintain endpoint security platforms and processes including Anti-Virus, Anti Malware, Encryption, System Hardening, EDR, MDM, Web Content Management, DNS Security, Identity Solutions SIEM and Patch Management • Perform threat analysis, monitor security events for signs of security breaches and triage any suspicious behavior • Assist with the health, performance, stabilization and tuning of all Endpoint Infrastructure • Evaluate existing endpoint security solutions and participate in the design of strategies to enhance protection against emerging threats • Partner with senior engineers on the research and analysis of emerging technologies that enhance security capabilities and support current and future business objectives • Participate and contribute on enterprise technology evaluations and roadmap discussions with third party vendors • Assess existing security technologies to establish opportunities for improved endpoint protection controls • Ensure security solutions, policies and procedures are sufficient to meet and respond to threats to our data and endpoint infrastructure • Recommend and provide technical support processes, metrics, and SLAs • Maintain and enforce endpoint security policies and standards in alignment with corporate Governance, Security-Risk and Audit policies, procedures, industry regulation, best practices, and security frameworks (e.g., ISO 27001, NIST, CIS) • Support and document the implementation of approved endpoint security software and infrastructure components • Oversee projects from inception to closure ensuring completion according to business requirements and stakeholder standards • Perform continuous mentorship and development of junior staff members • Be a point of contact for escalation and engagement • Participate in the development of technical documentation, policies, and procedures for endpoint security application use and support • Communicate technical standards to Information Technology teams and junior team members • Regular attendance in conformance with standards; attend required meetings and trainings • May be required to work varying schedules to reflect business needs • Demonstrate a proactive approach towards work activities • Manage multiple projects to timely, successful completion • Perform other duties as assigned.