Information Security Compliance Manager Mexico City, MEX at Avantor

The Information Security Compliance Manager works as part of the Avantor Global Information Security team and is responsible for overseeing the management and response process for completing security assessment questionnaires and proposals.  This critical role will involve ensuring the company meets the highest standards of information security, compliance, and risk management while maintaining strong relationships with customers and auditors. The ideal candidate will have experience in security assessments, regulatory compliance, and cross-functional collaboration to manage and respond to a variety of security-related inquiries.

Primary Duties and Responsibilities

• Security Assessment Framework development and management: Develop, implement and maintain the processes of receiving, reviewing, and responding to security assessment questionnaires from customers, third-party auditors, and regulatory bodies, ensuring responses are accurate, timely, and comprehensive. 
• Cross-Functional Collaboration: Work closely with teams across the organization, including IT, legal, compliance, product, and operations, to gather necessary information and data to respond to security-related inquiries. Drive continuous improvement in areas that require improved communication and collaboration between functions.
• Documentation and Reporting: Maintain accurate records of completed questionnaires and responses. Prepare and manage reports related to security assessments and audits for senior management and stakeholders. Managing and communicating gaps and open issues identified and ensuring the proper propagation of these items.
• Continuous Improvement: Review and refine security questionnaire response capabilities and processes to improve efficiency, consistency, and quality of responses. Management and development of metrics to provide visibility of compliance.
• Compliance Oversight: Ensure responses align with regulatory, Legal and industry standard compliance requirements (GDPR, SOC 2, HIPAA, etc.) and align with the organization’s internal security policies and standards. 
• Risk Assessment and Mitigation: Identify potential risks based on customer and auditor assessments and work with relevant departments to mitigate or address these concerns proactively.
• Customer Relationship Management: Act as the primary point of contact regarding security assessment inquiries. Provide clear, concise, and professional communication to ensure customer confidence in our security practices.
• Training and Awareness: Provide guidance and training to internal teams regarding security assessment best practices and the importance of responding to security questionnaires in alignment with company policies and industry standards.

Education and Experience

• Bachelor’s degree in Information Security, Computer Science, Business Administration, or a related field of study preferred.
• At least 5 years of experience in information security or risk management, with a focus on security assessments, audits, and customer/vendor interactions, and/or training (in addition to other experience requirements) or equivalent combination of education and experience preferred.
• Experience managing security questionnaire response process aligned with industry standards (SOC 2, ISO 27001, HIPAA, GDPR, etc.).
• Familiarity with various security frameworks and regulatory requirements.

Skills:

• Ability to communicate in English
  Strong understanding of security technologies, risk management principles, and compliance frameworks.
• Excellent communication skills, both written and verbal, with the ability to convey complex security concepts to non-technical stakeholders.
• Detail-oriented with strong organizational and time-management skills.
• Develop formal metrics and KPIs to help provide insight and progress of management and control of the function
• Ability to collaborate effectively across different teams and levels of the organization.
• Strong problem-solving skills and ability to manage multiple priorities.

Preferred Qualifications:

• Professional certifications such as CISSP, CISM, or CISA are highly preferred.
• Experience working directly with customers or auditors during the security assessment process.
• Knowledge of industry-standard tools for security assessments and audit management.
• Experience with security policy development and maintenance.
• Strong communication and management skills and experience working in a global matrixed environment.

Disclaimer:
The above statements are intended to describe the general nature and level of work being performed by employees assigned to this classification. They are not intended to be construed as an exhaustive list of all responsibilities, duties and skills required of employees assigned to this position. Avantor is proud to be an equal opportunity employer.

Why Avantor?

Dare to go further in your career. Join our global team of 14,000+ associates whose passion for discovery and determination to overcome challenges relentlessly advances life-changing science.
 
The work we do changes people's lives for the better. It brings new patient treatments and therapies to market, giving a cancer survivor the chance to walk his daughter down the aisle. It enables medical devices that help a little boy hear his mom's voice for the first time. Outcomes such as these create unlimited opportunities for you to contribute your talents, learn new skills and grow your career at Avantor.
 
We are committed to helping you on this journey through our diverse, equitable and inclusive culture which includes learning experiences to support your career growth and success. At Avantor, dare to go further and see how the impact of your contributions set science in motion to create a better world. Apply today!

EEO Statement:

We are an Equal Employment/Affirmative Action employer and VEVRAA Federal Contractor. We do not discriminate in hiring on the basis of sex, gender identity, sexual orientation, race, color, religious creed, national origin, physical or mental disability, protected Veteran status, or any other characteristic protected by federal, state/province, or local law.

If you need a reasonable accommodation for any part of the employment process, please contact us by email at recruiting@avantorsciences.com and let us know the nature of your request and your contact information. Requests for accommodation will be considered on a case-by-case basis. Please note that only inquiries concerning a request for reasonable accommodation will be responded to from this email address.

For more information about equal employment opportunity protections, please view the Know Your Rights poster.

3rd Party Non-Solicitation Policy:

By submitting candidates without having been formally assigned on and contracted for a specific job requisition by Avantor, or by failing to comply with the Avantor recruitment process, you forfeit any fee on the submitted candidates, regardless of your usual terms and conditions. Avantor works with a preferred supplier list and will take the initiative to engage with recruitment agencies based on its needs and will not be accepting any form of solicitation.