Information Security GRC Specialist (Fintech)

TL;DR

Information Security GRC Specialist (Fintech): Managing and evolving the information security GRC program with an accent on compliance with Mexican fintech regulations, internal security standards, and continuous maturity assessments. Focus on bridging the gap between technical controls and regulatory requirements, automating compliance processes, and coordinating security audits across cross-functional teams.

Location: Remote-first environment.

Company

hirify.global is a leading Latin American cryptocurrency platform dedicated to developing the regional crypto ecosystem and promoting financial inclusion.

What you will do

• Maintain and enhance the Information Security GRC program aligned with industry best practices and regulatory requirements.
• Act as a primary liaison for regulatory authorities and internal/external auditors regarding security compliance.
• Conduct regular information security and maturity assessments to identify gaps and oversee remediation plans.
• Collaborate with technical and engineering teams to embed automated compliance practices directly into the technical stack.
• Validate adherence to internal security policies, standards, and procedures across all lines of business.
• Prepare metrics and reports to provide business insights to stakeholders based on security audit and compliance findings.

Requirements

• 5+ years of professional experience in Information Security GRC roles.
• 3+ years of experience in leading internal compliance assessments or IT audits.
• 3+ years of experience with Mexican regulatory, cybersecurity, and information security requirements for fintech or financial entities.
• Expertise in information security frameworks (ISO/IEC 27000, COBIT, NIST, CIS).
• Proficiency in English with the ability to lead presentations and create deliverables.
• Certification (CISA or equivalent) and cloud experience (AWS Certified Cloud Practitioner or similar).

Nice to have

• 2+ years of strategic consulting experience in financial institutions.
• Additional certifications such as Certified ISO 27k Lead Auditor, CISSP, or PMP.
• Familiarity with GDPR and maturity models like CMMI.
• Experience with Agile methodologies and project management practices.

Culture & Benefits

• Remote-first work environment with a focus on flexibility.
• Unlimited paid time off via the Me Time program.
• Equity through an Employee Stock Option program.
• Comprehensive premium health, dental, and life insurance.
• Generous 4-month extended family leave policy for all parents.
• Opportunities to drive financial inclusion in the rapidly growing crypto sector.