Torreón, Coahuila
The IT Security Analyst is responsible for safeguarding the organization's information systems by designing, implementing, and maintaining security policies, controls, and authentication frameworks across the company's technology environment. This role ensures regulatory and corporate compliance through effective audit management and certification maintenance (including ITGC, TISAX, and other standards required by the organization or its clients), while driving the adoption of secure access methods (MFA/SSO) and enforcing segregation of duties (SoD) across all business-critical systems, including the ERP. The position acts as the key liaison between the organization and internal/external auditors, ensuring that security practices align with global standards and support the company's risk management strategy and client compliance requirements..
Responsibilities/ Skills.
1. Policies, Audits & Certifications
- Develop, implement, and maintain IT security policies, standards, and procedures aligned with international frameworks (ISO 27001, NIST, COBIT, SOX, ITGC, etc.).
- Serve as the primary point of contact for internal and external auditors; prepare documentation, evidence, and formal responses to audit requests and findings.
- Coordinate and support certification and compliance processes required by the organization or its clients (e.g., ISO 27001, TISAX, SOC 2, ITGC assessments), including gap analysis, control documentation, and evidence gathering.
- Track and follow up on audit action plans, remediation timelines, and policy adherence across the organization and its subsidiaries.
- Conduct periodic internal control reviews and risk assessments to identify security gaps and recommend corrective actions.
- Maintain up-to-date documentation of controls, policies, and procedures to always ensure audit readiness.
2. Identity & Access Management
- Design, implement, and manage authentication methods such as Multi-Factor Authentication (MFA) and Single Sign-On (SSO) across organizational systems.
- Administer user roles, permissions, and access request/approval workflows in the ERP and other critical business systems.
- Ensure segregation of duties (SoD) is properly enforced through role design, periodic access reviews, and conflict identification/remediation.
- Manage user provisioning and de-provisioning processes (onboarding, transfers, terminations) in accordance with least privilege principles.
- Monitor and audit user access logs and approval workflows to detect anomalies, unauthorized access, or policy violations.
3. Security Solutions & Systems Support
- Support the evaluation, implementation, and configuration of security software and modules relevant to the role (e.g., GRC tools, IAM platforms, ERP security modules, MFA/SSO providers).
- Collaborate with IT and functional teams (Finance, HR, Procurement, etc.) to integrate security controls into business processes and system configurations.
- Provide training and guidance to end users on security policies, MFA/SSO usage, and compliance best practices.
- Stay current on emerging security threats, client compliance requirements, and regulatory changes to proactively strengthen the organization's security posture.
Profile.
Education and Experience :
- Bachelor’s degree in information systems, Computer Science, Cybersecurity, or a related field
- 2–5 years of experience in IT security, IT audit, or identity and access management
- Proven experience managing or collaborating in ITGC, TISAX, or similar compliance frameworks required by clients or industry.
- Hands-on experience implementing and managing MFA/SSO solutions.
- Experience administering ERP security (roles, permissions, segregation of duties).
- Experience supporting internal/external audits and certification renewal processes.
Experience working in multinational or corporate environments preferred.
-
Skills/ Knowledge requirements :
Security frameworks: ISO 27001, NIST, COBIT, ITGC (preferred).
Regulatory and client-driven requirements: SOX, TISAX, GDPR, PCI-DSS (as applicable).
Identity and Access Management (IAM) tools and authentication standards (preferred).
GRC (Governance, Risk & Compliance) platforms (as plus).
Segregation of duties (SoD) principles and access control models.
Advanced English proficiency (required for multinational environment and client interactions).
Proficient handling, navigation and usage with all software application indeed to the position.
Competencies
- Efficient collaboration with wide multifunctional teams and one-to-one oriented towards customer services
- Communication
- Planning & Organizing
- Monitoring Information
- Operational Decision Making
- Building Partnership
Courage
-
Benefits.
- The position is a regular active, full time role with competitive total rewards.
- Equal Opportunity Employer - Inclusive Company
Steps to Apply.
Before applying, you must notify your immediate supervisor and the Human Resources Leader/Manager at your plant.
To learn more about the position and apply, visit: https://hcnh.fa.us2.oraclecloud.com/hcmUI/faces/FuseWelcome?_afrLoop=22755292120132527&_adf.ctrl-state=hnbauihrm_934
If you do not remember your username or password, please submit a ticket to the Help Desk to reset your “ORC” username and/or password.
How to apply.
- To learn about the position and apply visit: https://hcnh.fa.us2.oraclecloud.com/hcmUI/CandidateExperience/es/sites/CX_1001/requisitions/preview/ 934