Information Security and Compliance Officer

About the position Our Information Security team is at the core of protecting our company's data, systems, and reputation. We drive the implementation and continuous improvement of security and compliance frameworks, ensuring our business and customers are protected in a rapidly evolving digital landscape. Operating from Colombia, we collaborate globally to deliver secure, compliant, and innovative solutions. You will lead and coordinate information security and compliance initiatives, ensuring the implementation, maintenance, and improvement of our ISMS under ISO 27001 and other international standards. You'll be the go-to expert for audits, risk management, and compliance, helping us stay ahead in security and regulatory requirements. Responsibilities • Implement, maintain, and improve the Information Security Management System (ISMS) under ISO 27001 and other international standards. • Lead and coordinate internal and external security and compliance audits (ISO 27001, PCI-DSS, GDPR, NIST), and drive the follow-up of corrective actions. • Analyze compliance and security requirements, working with stakeholders to identify and implement technical solutions that balance security, compliance, cost, and user experience. • Provide subject matter expertise in translating security, regulatory, and compliance requirements into technical requirements for cloud and on-premises environments. • Perform and validate risk assessments, and support the establishment, verification, and maintenance of security controls toward standards and regula-tions. • Advise and train internal teams on best practices in security, compliance, and privacy. • Manage documentation, policies, and procedures for information security. • Serve as the main point of contact for auditors, regulators, and clients regard-ing compliance matters. • Support security management in cloud and data center environments, including the assessment and optimization of security controls and architecture. • Stay up to date on regulatory changes, cybersecurity trends, and emerging compliance requirements. Requirements • Bachelor's degree in Systems Engineering, Electronics, Telecommunications, or related fields. • 5+ years in information security, compliance, or audit roles. • Strong technical acumen with a solid grasp of internet protocols, applications, operating systems, cryptographic methods, and network and systems archi-tecture • Ability to translate security, regulatory, and compliance requirements into technical solutions, and assess whether proposed solutions meet compliance and security needs. • Proven experience in ISO 27001 implementation and audit. • Participation in PCI-DSS, GDPR, NIST, or similar compliance projects. • Experience in risk management and security incident handling. • At least one of the following certifications: ISO 27001 Lead Auditor/Imple-menter, CISSP, CISM, or equivalent. • Leadership and teamwork abilities. • Effective communication with technical and business areas. • Advanced English (able to read documentation and participate in audits; con-versational fluency is a plus). • Results-oriented and continuous improvement mindset Nice-to-haves • Experience in cloud (Azure, AWS, GCP) and data center environments is desir-able. • conversational fluency is a plus Benefits • Get rewarded with competitive remuneration, individual and company annual bonus, vacation and holiday paid time off, health insurances and other competitive benefits. • Work from anywhere: onsite, hybrid or fully remote. • Professional development to broaden your knowledge and enhance your skills with on-line learning hubs packed with technical and soft skills training that allow you to develop and grow. • Enter a diverse and inclusive workplace, join one of the world's top travel technology companies and take on a role that impacts millions of travelers around the globe. Apply tot his job