Information Security

We are seeking a detail-oriented **Information Security Analyst** to join our growing team.

In this role, you will play a vital part in supporting third-party risk assessments and contributing to enterprise risk management initiatives, ensuring regulatory compliance and the security of data across our vendor network.

**Responsibilities**
- Support third-party risk assessments with a focus on Information Security and GRC, helping to evaluate inherent and residual risks to enable risk-informed decision-making
- Assist in conducting due diligence on prospective and existing vendors, with an emphasis on basic cybersecurity controls, regulatory compliance (e.g., GDPR, SOC 2, ISO 27001), and data protection practices
- Help ensure the integrity, consistency, and audit-readiness of third-party data within the GRC platform to support reporting and regulatory requirements
- Collaborate with stakeholders in Information Security, Privacy, Legal, Procurement, and Business Units to share insights and contribute to enterprise risk management initiatives
- Participate in processes related to third-party offboarding, ensuring risk management steps are followed, and data retention, access, and continuity controls are reviewed
- Assist in preparing documentation and responses for external audits, internal reviews, or regulatory inquiries related to third-party risk management practices
- Contribute to the maintenance and improvement of TPRM policies, playbooks, and program metrics to support ongoing program development

**Requirements**:

- 2+ years of experience in third-party risk management, information security, IT audit, or GRC, ideally within Gaming, Technology, or Consulting industries
- Basic understanding of security risk assessment frameworks and best practices (e.g., NIST, ISO 27001, SIG, CSA, etc.)
- Familiarity with tools like JIRA and GRC platforms (e.g., OneTrust, ServiceNow) is a plus, with a willingness to learn and support data analysis and platform improvements
- Ability to identify and assess security, privacy, and operational risks with an analytical, solutions-oriented mindset
- Strong verbal and written communication skills, with the ability to work collaboratively with team members and stakeholders across the organization
- Adaptability and willingness to take on tasks in a cross-functional environment, even in the face of ambiguity or changing requirements
- General understanding of regulatory requirements and good practices related to vendor management and data security is desirable
- Awareness of IT risk management concepts as well as familiarity with the S-SDLC and Agile Methodology is a bonus
- Fluent English communication skills at a B2+ level

**We offer**
- Career plan and real growth opportunities
- Unlimited access to LinkedIn learning solutions
- International Mobility Plan within 25 countries
- Constant training, mentoring, online corporate courses, eLearning and more
- English classes with a certified teacher
- Support for employee’s initiatives (Algorithms club, toastmasters, agile club and more)
- Enjoyable working environment (Gaming room, napping area, amenities, events, sport teams and more)
- Flexible work schedule and dress code
- Collaborate in a multicultural environment and share best practices from around the globe
- Hired directly by EPAM & 100% under payroll
- Law benefits (IMSS, INFONAVIT, 25% vacation bonus)
- Major medical expenses insurance: Life, Major medical expenses with dental & visual coverage (for the employee and direct family members)
- 13 % employee savings fund, capped to the law limit
- Grocery coupons
- 30 days December bonus
- Employee Stock Purchase Plan
- 12 vacations days plus 4 floating days
- Official Mexican holidays, plus 5 extra holidays (Maundry Thursday and Friday, November 2nd, December 24th & 31st)
- Monthly non-taxable amount for the electricity and internet bills

EPAM is a leading global provider of digital platform engineering and development services. We are committed to having a positive impact on our customers, our employees, and our communities. We embrace a dynamic and inclusive culture. Here you will collaborate with multi-national teams, contribute to a myriad of innovative projects that deliver the most creative and cutting-edge solutions, and have an opportunity to continuously learn and grow. No matter where you are located, you will join a dedicated, creative, and diverse community that will help you discover your fullest potential.