Governance, Risk and Compliance Specialist

About EDICOM

Did you know that EDICOM is one of the leading EDI and electronic invoicing companies in the world? And that the electronic invoicing market is growing 19% annually and is projected to be worth over $20 billion by 2026?

EDICOM helps companies go digital by developing SaaS (Software as a Service) solutions, automating and integrating data exchange (EDI), thereby eliminating manual entry errors and unnecessary paper usage worldwide. It has offices in New York, Milan, Paris, Valencia, Seville, Murcia, Mexico City, Bogota, Buenos Aires, and Sao Paulo.

Your Challenge

Your main challenge will be to ensure regulatory compliance regarding Edicom's information security, participating in national and international audit and certification processes.

Key Responsibilities

• Maintenance of Edicom's certifications and management systems, ensuring regulatory compliance (Edicom holds certifications in ISO 27001, ISO 20000-1, RGPD, eIDAS, etc.).
• Execution of internal compliance audits and coordination of external audit and certification processes.
• Participation in risk management processes within the corporate strategy framework.
• Coordination with different business areas (Sales, Presales, Systems, R&D, Project Management, etc.) to define controls and processes that support company objectives.
• Maintenance of the documentation system and development of security policies, regulations, and procedures.

What We're Looking For

• Degree in Computer Engineering, Telecommunications, or related to Information Technologies.
• Experience in implementing or maintaining Information Security Systems, with a preference for participation in projects related to ENS, RGPD, ISO 20000-1, ISO 22301, eIDAS, etc.
• Experience participating in compliance audits for regulations such as ISO 27001, ENS, RGPD, or ISO 20000-1.
• Knowledge of information security regulatory frameworks, data protection, risk management methodologies, compliance audits, and IT governance.
• Desirable to have certifications such as CISA, CISM, ISO 27001 LA, ITIL, DPO, etc.
• Valuable to possess knowledge of security systems and devices: Firewall, SIEM, Antivirus, DLP, encryption tools, IDS, IPS, Nessus, etc.
• Availability to occasionally work in different hours and travel no more than 10%.
• Good oral and written communication skills, including technical and business writing.
• Good documentation and presentation skills with the ability to present ideas and results to technical and non-technical profiles.
• High analytical and problem-solving capacity, with the ability to thrive in dynamic environments.
• Proactive, methodical, and disciplined individual with a strong work ethic. Easy communication, problem-solving, and pleasant demeanor.
• Good level of English (minimum B2). We value knowledge of other languages.
• Academic records and professional experiences will be valued.

What We Offer

• You will be part of the Compliance team, participating in national and international audit and certification processes.
• You will have the trust and stability necessary so you don't have to worry about anything other than your career in the company. Indefinite contract.
• Salary reviews every six months for the first two years based on your performance, growth, attitude, commitment, linguistic and personal skills, and work quality. Subsequently, reviews will be annual.
• With your indefinite contract, from day one, you will have access to social benefits (medical insurance, flexible remuneration, sports and team building activities, language training, parking, and gym).

If the challenge attracts you and you believe you can take our growth strategy to the next level, apply for the offer and meet EDICOM.

Key skills/competency

• Governance, Risk, and Compliance (GRC)
• Information Security Management
• ISO 27001
• Regulatory Compliance
• IT Audit
• Risk Management
• Data Protection (RGPD)
• IT Governance
• Security Policies
• Auditing