Global Information Security Risk and Compliance

7 days ago


Monterrey, México Nemak Full-time

Objective

As part of the Information Security organization, develop a strategic program to ensure compliance with regulatory requirements and support the organization's resilience. Through a process of Risk Management and the systematic evaluation of potential threats, the organization will be able to meet legal, regulatory and contractual requirements and ensure its objectives are fulfilled.

Furthermore, this role strategically aligns risk management and compliance efforts with the broader organizational strategy, fostering a culture of continuous improvement, supporting the organization's growth, and ensuring that Information Security efforts are sustainable across Nemak.

Main Responsibilities
- Compliance Strategy: Create and implement compliance strategies and policies to ensure the organization fulfills Information Security requirements of laws, regulations, contracts and IT standards.
- Risk Management and Mitigation: Identify and assess potential Information Security risks to the organization's operations, financial stability, and reputation. Develop risk mitigation plans and monitor their effectiveness. Foster a culture of continuous improvement within the organization, ensuring that risk management and compliance strategies evolve to address emerging risks and regulatory changes.
- Regulatory Compliance: Stay current with relevant laws and regulations affecting the organization's industry and geographic locations. Ensure that policies and controls fulfill these Information Security requirements and work with executive and functional areas to ensure the gaps are closed.
- Policy Development and Management: Develop and manage Information Security compliance policies, codes of conduct, and internal control frameworks. Communicate policies effectively throughout the organization and develop programs to ensure their effectiveness across the organization.
- Training and Education: Provide Information Security compliance training and awareness programs to employees, management, and relevant stakeholders to ensure a culture of compliance and risk management.
- Compliance Monitoring and Reporting: Establish systems and processes to monitor compliance with Information Security policies, regulations, and standards. Regularly provide updates to executive management on the key performance indicators and risk levels. Provide the information that certification entities require for Information Security and Sustainability processes, to ensure strategic growth goals are achieved.
- Third-Party Due Diligence: Assess and manage Information Security risks associated with third-party relationships, such as vendors, suppliers, and partners. Implement due diligence processes and ongoing monitoring to comply with the Information Security Requirements for Suppliers policy.
- Data Protection and Privacy: Oversee and coordinate data protection and privacy compliance with GDPR and other relevant privacy regulations. Ensure data handling practices are in line with legal requirements.
- Audit Management: Prepare and support regular Information Security audits, whether internal or external. Ensure that the organization is always prepared to comply with audit requirements, minimizing disruptions and potential penalties. Monitor the correct implementation of Information Security controls across Nemak. Ensure remediation programs are in place.
- Access Management: Develop strategies to ensure that the access management practice follows industry best practices for key critical systems like SAP, SuccessFactors and key platforms. Define security frameworks to improve security models in SAP and supported platforms. Manage the Security Architecture in SAP and SAP GRC, ensuring controls are in place and evidence is produced.

Position Requirements
- Career: Computer Systems Engineering, Law, Business Administration
- Experience: 5-8 years' experience in Audit and Compliance, Risk Management, Internal Control Management, Data Privacy and Security, IT Systems Management, Multicultural experience.
- Certifications: Certified Information Systems Security Professional (CISSP), Certified Information Systems Auditor (CISA), Certified in Risk and Information Systems Control (CRISC).
- Strong knowledge of industry standards, regulations, and frameworks (e.g., ISO 27001, NIST, GDPR).
- Behavioral Skills: Analysis and problem solving, Drive, Multitasking, Manage and energize teams, Common sense and urgency, Leadership, Work under pressure, Desire for new challenges, Embrace change, Excellent communication skills, Challenge the status quo, Proactive, Analytic, Self-learner, Desire for innovation, Positive.
- Strong project management skills with the ability to prioritize and manage multiple initiatives simultaneously.
- Strong communication and leadership skills, with the ability to collaborate effectively with cross-functional teams and senior management.
- Advanced English and Spanish.
- At Nemak, Diversity, Equity and Inclusion


