
Information Security Lead
- Remote
- Moscow, Moskva, Russia
- Engineering & Technology
Job description
At NOVACARD, we’re redefining how people use credit.
We are the first interest-free and no-annual-fee credit card in Mexico, designed to simplify personal finances and give users complete control - all from a mobile app. With NOVACARD, users can access up to $200,000 MXN in credit, only pay when they use it, and manage everything digitally in under 5 minutes. Our mission is to empower people to make smarter financial decisions by offering flexibility, transparency, and the freedom they need to reach their goals. Simple finances, big goals.
About the Role:
We are looking for an Information Security Lead to embed security practices into product development and business operations while ensuring compliance with local regulations and global security standards. In this role, you will work closely with engineering, product, DevOps, and compliance teams to integrate security into delivery processes, strengthen monitoring and incident response capabilities, and continuously improve security controls in a fast-paced product environment.
The role is mostly remote, with business trips when required.
Key Responsibilities:
Work closely with Engineering, Product and DevOps teams to ensure security is embedded into products, platforms, and operational processes from early design stages through delivery and release cycles.
Participate in product discovery, architecture discussions, sprint planning, change management, and release processes to ensure security requirements are addressed early and do not become delivery blockers.
Collaborate with Compliance and Legal teams to align local regulatory requirements with product and engineering roadmaps.
Implement and maintain controls required by CNBV, PCI DSS, and other applicable local regulatory obligations, ensuring continuous compliance.
Implement central information security policies and develop country-specific procedures and controls in coordination with local compliance stakeholders.
Integrate secure development practices into the SDLC, including architecture reviews, threat modeling, vulnerability management, and security checkpoints within delivery pipelines.
Improve security monitoring capabilities and SOC coverage for the local IT environment, including configuring monitoring rules and defining incident escalation procedures.
Lead incident response activities, coordinate investigations with engineering and product teams, conduct root cause analysis, and organize post-incident awareness sessions.
Manage and operate local Data Loss Prevention (DLP) solutions and related processes.
Develop, maintain, and test Disaster Recovery Plans (DRP), including organizing annual recovery exercises.
Establish and operate vulnerability management processes, including regular scanning, prioritization of findings, and tracking remediation efforts.
Define and deliver regular security reporting and metrics to local business leadership and the central CISO organization.
Organize and coordinate annual assessments of the cybersecurity management system and support remediation planning.
Job requirements
Key Requirements:
Fluent English is required for communication with international teams and stakeholders.
Bachelor’s or Master’s degree in Computer Science, Information Security, or a related technical field.
Self-managed, proactive, and capable of working independently while collaborating effectively across distributed teams.
At least 3 years of proven experience in information security management or a similar role.
Solid knowledge of international security standards and best practices, including ISO 2700x, NIST, SABSA, or equivalent frameworks.
Hands-on experience with implementation and management of security technologies, including firewalls, IDS/IPS, antivirus, EDR, SIEM solutions, and access management systems.
Practical experience conducting risk assessments, vulnerability management, and security audits, as well as tracking remediation activities.
Experience delivering security or infrastructure projects from initiation through implementation, with an understanding of project management methodologies.
Professional certifications (such as CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, or equivalent) are considered a strong advantage.
What We Offer
Fully remote work format.
Official employment under the Russian Labor Code (for residents of Russia); contractor collaboration available for candidates from other countries.
Opportunity to work in an international team on a new digital product for the Mexican market.
A data-driven environment where your contributions have a real impact.