Design and implement phishing simulation campaigns; analyze emerging threat trends; develop targeted intervention strategies; and build automated reporting and response mechanisms.
Develop and manage a policy exception framework with standardized review, documentation, and tracking processes aligned to organizational risk tolerance.
Information Security Compliance Analyst at Travelhrportal
Build and deliver a tiered security awareness curriculum addressing cyber threats through engaging, multi-format materials and function-specific learning paths.
Maintain detailed audit trails across all programs to ensure compliance with information security protocols and industry frameworks including NIST, ISO 27001, and PCI DSS.
Manage exception currency and access removal to ensure policy exceptions remain current and aligned with evolving risk posture.
Requirements
3-5 years of experience in Information Security, specifically within GRC or Security Awareness.
Experience designing and executing organizational phishing simulations, from technical setup through reporting and trend analysis.
Experience developing engaging, multi-format security awareness curricula and role-based training content.
Solid background in managing security policy exceptions, including risk alignment, documentation, and audit trail maintenance.
Skilled in creating reporting mechanisms to track phishing resilience, training completion rates, and overall program effectiveness.
Able to translate complex security concepts into clear, digestible training for all organizational levels, including executive audiences.
Familiarity with NIST CSF, ISO 27001, PCI DSS, or SOC2 as they relate to policy management and training compliance.
Experience with phishing simulation and LMS platforms such as KnowBe4, Proofpoint, or Adaptive Security, and GRC workflow tools such as Jira, ServiceNow, or Onspring.
Bachelor's degree in Information Security, Information Systems, or a related field (or equivalent experience).
Current CISSP or CISA certification preferred.
Location
Mexico
The #TeamGBT Experience
Work and life: Find your happy medium at Amex GBT.
Flexible benefits are tailored to each country and start the day you do. These include health and welfare insurance plans, retirement programs, parental leave, adoption assistance, and wellbeing resources to support you and your immediate family.
Travel perks: get a choice of deals each week from major travel providers on everything from flights to hotels to cruises and car rentals.
Develop the skills you want when the time is right for you, with access to over 20,000 courses on our learning platform, leadership courses, and new job openings available to internal candidates first.
We strive to champion Inclusion in every aspect of our business at Amex GBT. You can connect with colleagues through our global INclusion Groups, centered around common identities or initiatives, to discuss challenges, obstacles, achievements, and drive company awareness and action.
And much more!
All applicants will receive equal consideration for employment without regard to age, sex, gender (and characteristics related to sex and gender), pregnancy (and related medical conditions), race, color, citizenship, religion, disability, or any other class or characteristic protected by law.
What if I don't meet every requirement? If you're passionate about our mission and believe you'd be a phenomenal addition to our team, don't worry about "checking every box;" please apply anyway. You may be exactly the person we're looking for!
Benefits
Health insurance
Flexible schedule
Parental leave
Additional Information
Amex GBT is a place where colleagues find inspiration in travel as a force for good and - through their work - can make an impact on our industry. We're here to help our colleagues achieve success and offer an inclusive and collaborative culture where your voice is valued.
Join our Governance, Risk & Compliance (GRC) team as an Information Security Compliance Analyst. You will lead critical security programs that protect the organization and empower the workforce. This role sits at the intersection of security awareness, phishing prevention, and policy governance, reporting to the IT Risk and Information Security Manager.