Information Security GRC Specialist
As an Information Security GRC Specialist at Bitso, you will be a key member of the Information Security Governance, Risk, and Compliance team. Your primary responsibility will be to ensure the implementation, maintenance, and continuous improvement of security policies, technical standards, and procedures. This role is crucial in overseeing security risk management and ensuring compliance with applicable security standards and regulations. Additionally, you will coordinate and support both external and internal security assessments.
In this position, you will maintain and enhance the Information Security GRC Program, act as a liaison with regulatory authorities on information security matters, and support the consistent implementation of security policies across all business lines. Your duties will include assessing and validating compliance with regulatory and contractual requirements, conducting regular security and maturity assessments, and collaborating with internal and external audits. You will also guide non-security engineering teams and work towards automating compliance assessments to integrate them directly into the technical infrastructure.
The ideal candidate will have a minimum of 5 years of experience in Information Security GRC roles, with at least 3 years leading internal compliance assessments or audits. Experience with Mexican regulatory and cybersecurity requirements for fintech or regulated financial entities is essential. Proficiency in information security frameworks such as the ISO/IEC 27000 series, COBIT, NIST SP 800-xx, NIST CSF, and CIS is required. Strong communication skills, attention to detail, and a commitment to continuous learning are also important. Certifications like CISA and AWS Certified Cloud Practitioner are preferred.
Bitso offers a remote-first work environment with unlimited paid time off through the Me Time program. Employees can participate in the Employee Stock Option program and enjoy zero trading fees via the Bitso Alpha app. The company provides premium health, dental, and life insurance in multiple countries, along with a monthly stipend for various wellness and development activities. Extended family leave policies are also in place to support employees during significant life events.
Joining Bitso means becoming part of a diverse team dedicated to making cryptocurrency useful and accessible. The company values mission-driven individuals who demonstrate a high sense of urgency, exceptional skills, and the ability to manage their work and professional development independently. Bitso is committed to fostering an inclusive environment where unique strengths are recognized and valued.