Security Risk & Compliance Lead / Fintech
At Retorna, we are building the financial infrastructure that connects LATAM: international remittances, USD accounts, and B2B rails, with a focus on security, scalability, and automation.
We are a global, 100% remote fintech company with teams distributed across more than 10 countries. In our model, security is part of the product, not an afterthought.
We are looking for a Security Engineer specialized in AWS and cybersecurity who combines strategic vision, technical execution, and an offensive mindset: someone who thinks like an attacker.
Responsibilities
Security Risk Management
- Design, implement, and maintain the Risk Framework aligned with ISO 27005 and ISO 31000
- Conduct periodic Risk Assessments on critical assets, processes, and third parties
- Prioritize risks through qualitative and quantitative analysis, proposing treatment plans
- Monitor KRIs and report the risk profile to senior management
- Keep the corporate Risk Register updated
Regulatory Compliance
- Manage compliance with ISO/IEC 27001, NIST CSF, PCI DSS, SOC 2, GDPR, and local data protection regulations in LATAM
- Coordinate internal and external audits, managing findings and remediation plans
- Develop information security policies, procedures, and controls
- Track regulatory changes and assess their business impact
- Manage Statements of Applicability (SoA) and control mappings
Leadership and Governance
- Lead the team of risk and compliance analysts
- Serve as the liaison between Security, Legal, IT, Operations, and Senior Management
- Actively participate in risk and security committees
- Promote a security culture throughout the organization through training and communication
Third-Party Management
- Assess the risk of vendors and strategic partners (TPRM)
- Review contracts from a security and compliance perspective
- Oversee compliance with security requirements in the supply chain
Incident Response and Continuity
- Participate in incident management from a risk and compliance perspective
- Collaborate with BCP/DRP teams to ensure alignment with continuity frameworks
- Manage regulatory notifications for incidents when applicable
Reporting and Metrics
- Prepare executive and operational reports on the status of risks and compliance
- Define and monitor area KPIs
- Present results to the Risk Committee, Board, and regulatory bodies
Requirements
- Minimum 6 years of experience in information security, risk management, or regulatory compliance
- Minimum 2 years leading security/compliance teams or projects
- Proven experience implementing and maintaining an information security management system (ISMS) under ISO/IEC 27001
- Management of internal and external security audits (ISO, SOC 2, PCI DSS)
- Design and implementation of risk management frameworks
- Experience managing regulatory compliance in sectors such as finance, fintech, retail, health, or insurance (preferred)
- Experience with Third-Party Risk Management (TPRM)
- Proficiency with GRC (Governance, Risk & Compliance) tools: ServiceNow GRC, RSA Archer, MetricStream, or others
Benefits
- 💻 100% remote work (hybrid option available if preferred)
- 🌟 Be part of a fast-growing, innovative company
- 🤝 Collaborative and dynamic team environment
- 🌎 Professional development opportunities in a multicultural setting
Ready to take the next big step in your professional career? 🚀
Join a team with a purpose that is transforming financial access across borders. If you are passionate about creating and scaling solutions with real impact, apply now and be part of Retorna's journey.
