Novacard
Smart Cards, Payment Solutions, Manufacturing, Identity Management

Information Security Lead

Remote, Canada · Remote · Full Time · Lead · Posted 18 days ago · Hidden Gem · Himalayas

Role summary

NOVACARD is seeking an Information Security Lead to integrate security into product development and operations, ensuring compliance with Mexican regulations and global standards. This remote role involves close collaboration with engineering, product, and DevOps teams to embed security throughout the SDLC, strengthen monitoring and incident response, and manage security controls. Key responsibilities include implementing policies, conducting threat modeling, managing DLP and DRP, and leading vulnerability management. The ideal candidate has 3+ years of experience in information security management, knowledge of international standards (ISO 2700x, NIST), and hands-on experience with security technologies. Fluency in English is required.

At NOVACARD, we’re redefining how people use credit. We are the first interest-free and no-annual-fee credit card in Mexico, designed to simplify personal finances and give users complete control - all from a mobile app. With NOVACARD, users can access up to $200,000 MXN in credit, only pay when they use it, and manage everything digitally in under 5 minutes. Our mission is to empower people to make smarter financial decisions by offering flexibility, transparency, and the freedom they need to reach their goals. Simple finances, big goals.

About the Role:

We are looking for an Information Security Lead to embed security practices into product development and business operations while ensuring compliance with local regulations and global security standards. In this role, you will work closely with engineering, product, DevOps, and compliance teams to integrate security into delivery processes, strengthen monitoring and incident response capabilities, and continuously improve security controls in a fast-paced product environment.

The role is mostly remote, with business trips when required.

Key Responsibilities:

  • Work closely with Engineering, Product and DevOps teams to ensure security is embedded into products, platforms, and operational processes from early design stages through delivery and release cycles.

  • Participate in product discovery, architecture discussions, sprint planning, change management, and release processes to ensure security requirements are addressed early and do not become delivery blockers.

  • Collaborate with Compliance and Legal teams to align local regulatory requirements with product and engineering roadmaps.

  • Implement and maintain controls required by CNBV, PCI DSS, and other applicable local regulatory obligations, ensuring continuous compliance.

  • Implement central information security policies and develop country-specific procedures and controls in coordination with local compliance stakeholders.

  • Integrate secure development practices into the SDLC, including architecture reviews, threat modeling, vulnerability management, and security checkpoints within delivery pipelines.

  • Improve security monitoring capabilities and SOC coverage for the local IT environment, including configuring monitoring rules and defining incident escalation procedures.

  • Lead incident response activities, coordinate investigations with engineering and product teams, conduct root cause analysis, and organize post-incident awareness sessions.

  • Manage and operate local Data Loss Prevention (DLP) solutions and related processes.

  • Develop, maintain, and test Disaster Recovery Plans (DRP), including organizing annual recovery exercises.

  • Establish and operate vulnerability management processes, including regular scanning, prioritization of findings, and tracking remediation efforts.

  • Define and deliver regular security reporting and metrics to local business leadership and the central CISO organization.

  • Organize and coordinate annual assessments of the cybersecurity management system and support remediation planning.

Requirements

Key Requirements:

  • Fluent English is required for communication within international teams and stakeholders.

  • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related technical field.

  • Self-managed, proactive, and capable of working independently while collaborating effectively across distributed teams.

  • At least 3 years of proven experience in information security management or a similar role.

  • Solid knowledge of international security standards and best practices, including ISO 2700x, NIST, SABSA, or equivalent frameworks.

  • Hands-on experience with implementation and management of security technologies, including firewalls, IDS/IPS, antivirus, EDR, SIEM solutions, and access management systems.

  • Practical experience conducting risk assessments, vulnerability management, and security audits, as well as tracking remediation activities.

  • Experience delivering security or infrastructure projects from initiation through implementation, with an understanding of project management methodologies.

  • Professional certifications (such as CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, or equivalent) are considered a strong advantage.

What We Offer

  • Fully remote work format.

  • Official employment under the Russian Labor Code (for residents of Russia); contractor collaboration available for candidates from other countries.

  • Opportunity to work in an international team on a new digital product for the Mexican market.

  • A data-driven environment where your contributions have a real impact.

Originally posted on Himalayas