At Viva, we look for passionate individuals who truly love what they do. Now is the perfect time to join our team!
Viva is the lowest-cost, most preferred, fun, and profitable airline in the Americas, operating the youngest fleet in Latin America and ranking among the fastest-growing airlines worldwide. We foster a culture of inclusion, passion, and transparency—breaking traditional norms, redefining the way we work, and committing to excellence in service and passenger safety.
As our SGSI Internal Control Manager, you will be responsible for designing, implementing, and maintaining the Information Security Management System (ISMS) and related control frameworks — including ITGC, AFAC, and Finance/IT — ensuring compliance with international ISO/IEC 2700X standards. This role strengthens the second line of defense and directly contributes to risk management, safeguarding information, operational continuity, and regulatory compliance across Viva.
Your responsibilities will include:
Internal Control Framework Design & Maintenance: Define, document, and maintain ISMS policies, procedures, and controls aligned with ISO/IEC 2700X standards, ensuring continuous updates
Technology & Information Risk Management: Identify, assess, and prioritize information security and technology risks, proposing effective mitigation plans
Audits & Compliance: Coordinate internal and external audits (ISO, ITGC, SOX), ensuring second-line independence and the implementation of corrective actions
Cross-Functional Collaboration: Work closely with IT, Finance, Compliance, Internal Audit, and Legal to ensure comprehensive, consistent information security management
Governance & Certifications: Lead certification processes (ISO 27001, ISO 27005, among others) and ensure compliance with national and international regulatory frameworks
Team Management & Technical Leadership: Coordinate and develop the ISMS internal control team, fostering a culture of accountability, continuous learning, and operational excellence
Our ideal candidate:
Bachelor's degree in Systems Engineering, Computer Science, Industrial Administration, or a related field
Master's degree in Information Security, IT, Risk, or Audit (desirable)
Required certifications: ISO/IEC 27001 Lead Auditor and CISA (Certified Information Systems Auditor)
Desirable certifications: CIA, CISM, CISSP, CRISC, or cloud security/data protection certifications
7+ years of experience in information security, IT audit, or internal control
Proven experience implementing and maintaining certified systems (ISO 27001)
Experience in regulated industries (aviation, financial, telecommunications, or energy)
Practical knowledge of COSO, ISO 27000/01/02/05/17/18, ISO 31000, COBIT, ITIL, NIST
Experience leading teams and cross-functional projects with senior leadership
Strong systems audit and internal control skills, policy design and version control management, SAP and IT control frameworks, technology and regulatory risk management, and effective communication and technical writing in both English and Spanish
Benefits You Will Enjoy as #TeamViva
Flexible schedule
#TheBestAirlineToWork: An incredible work environment
Unlimited vacation from day one
Savings fund & savings account
Staff Travel: Discounted flights for you and up to 12 loved ones after 6 months
MyIDTravel: Fly worldwide with 30+ airline alliances at reduced fares after 6 months
Life & medical insurance + 24/7 online family medical assistance
Exclusive discounts on gyms, retail stores, restaurants, universities, and more
Above-the-law benefits
Viva is an equal opportunity employer. All qualified applicants will receive consideration without discrimination of any kind. All candidate information will be handled confidentially and in compliance with Mexican data-protection regulations. Your data will be used only for recruitment-related purposes.
#LI-PR1 #LI-HYBRID
Le dejé los hashtags de ejemplo (#LI-PR1 / #LI-HYBRID) que usaste la última vez — cámbialos si aplican otros para esta posición. ¿Todo bien así o le ajusto algo?