OVERVIEW** The **Information Security Engineer **role performs security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include evaluating technological, operational, and process controls in order to evaluate the design and implementation of security controls. This position will be based at one of at Sutherland’s Latin America sites, while also providing support to all 6 of the LATAM sites. There may occasionally be a need to travel to other locations. The position will report to the Information Security Manager of LATAM, and the individual will be supporting risk and compliance management tasks to include risk assessments, customer requirements, ISO 27001 requirements, PCI DSS requirements, and other regulatory compliance requirements. Additionally, the individual will be assisting HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits occurring at the LATAM sites, as needed. The role will interface closely with Service Delivery Management, Site Directors, other Information Security Managers, and functional heads across Human Resources, Physical Security, Information Technology, and Facilities. **RESPONSIBILITIES** - Conduct assessments of Information security controls in order to measure the effectiveness of controls and identify control gaps - Identify, assess, and prioritize identified risks - Collect evidence, artifacts, and document findings to support conclusions - Report on compliance with internal policies, controls, and standards - Provide recommendations for remediation of identified deficiencies - Track and report on findings/deficiencies to closure - Coordinate third-party risk assessments and audits, including HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits occurring at the LATAM sites, as needed. - Manage remediation efforts and report on the status of control deficiencies - Support information security investigations - Support security initiatives and global policy adherence and awareness efforts - Ensure that new client engagements adhere to the required information security controls and policies - Support global information security metrics and reporting program(s) - Enforce policy adherence and manage formal policy exception requests - Ensure compliance with standards and regulations such as ISO 27001, PCI DSS, and state and national information security laws - Provide timely updates on assessments and assigned projects - Build relationships and partner with business units and IT departments **QUALIFICATIONS** **Education Requirements**: Bachelor’s Degree in Computer Science, IT, Security, or related field; Master’s degree in related field a plus. **Experience Requirements**: 2 to 5+ years of experience in IT, Networking, Servers, Patching, Mail Security, Malware. Knowledge of information security concepts like Confidentiality, Integrity, Availability, Security Risks, Threats, and Vulnerabilities. **Certification Requirements**: Any IT Certification like ITIL, CCNA, Microsoft, etc. is a requirement, and any CISA, CISM, CISSP, CRISC, PCI-QSA, CGEIT, and/or CIA -IIA certifications are a plus. **Qualifications**: **OVERVIEW** The **Information Security Engineer **role performs security assessments to ensure compliance with internal policies, controls, and standards, as well as client and regulatory security requirements. These assessments include evaluating technological, operational, and process controls in order to evaluate the design and implementation of security controls. This position will be based at one of at Sutherland’s Latin America sites, while also providing support to all 6 of the LATAM sites. There may occasionally be a need to travel to other locations. The position will report to the Information Security Manager of LATAM, and the individual will be supporting risk and compliance management tasks to include risk assessments, customer requirements, ISO 27001 requirements, PCI DSS requirements, and other regulatory compliance requirements. Additionally, the individual will be assisting HIPAA audits, PCI DSS audits, Service Organization Controls (SOC) audits, SSAE 16 / ISAE 3402 audits, customer audits, and other compliance / regulatory audits occurring at the LATAM sites, as needed. The role will interface closely with Service Delivery Management, Site Directors, other Information Security Managers, and functional heads across Human Resources, Physical Security, Information Technology, and Facilities. **RESPONSIBILITIES** - Conduct assessments of Information security controls in order to measure the effectiveness of controls and identify control gaps - Identify, assess, and prioritize identified risks - Collect evidence, artifacts, and docu