Cyber Governance & Risk Manager (P-117)

San José, Costa Rica
Full Time
Experienced

SMASH, Who we are?
We are agents for tech professionals in Costa Rica and Colombia that help them build careers in the United States.

We believe in long-lasting relationships with our talent. We invest time getting to know them and understanding what they seek as their professional next step.

We aim to find the perfect match. As agents, we pair our talent with our US clients, not only by their technical skills but as a cultural fit. Our core competency is to find the right talent fast.

We purposefully move away from the “contractor” or “outsourcing” type of relationship. Our clients don’t want contractors or “just a service.” Neither does our talent.

Our Benefits

  • Wellness Coverage

  • Remote Work

  • Birthday day off

  • Recognition and rewards system

  • Referrals Program

  • Business skill coaching

  • English classes for Smashers and relatives

  • Learning opportunities

This position is Remote to work with a US Company; you will require to have Citizenship or a work permit from Costa Rica to apply for this role.

Role summary
You will lead cybersecurity governance and risk management initiatives by establishing control ownership, strengthening governance frameworks, and aligning cyber operations with regulatory expectations. This role focuses on improving risk visibility, control accountability, and compliance maturity across enterprise cybersecurity functions.

Responsibilities

  • Define and maintain ownership of cybersecurity controls across operational teams.

  • Conduct cyber risk assessments and map risks to appropriate controls and mitigation strategies.

  • Develop and maintain governance frameworks including RACI models, control libraries, and policy structures.

  • Design and monitor cybersecurity metrics, dashboards, and Key Risk Indicators (KRIs).

  • Translate enterprise security policies into actionable standards, procedures, and operational controls.

  • Ensure consistent implementation, enforcement, and documentation of cybersecurity standards.

  • Support alignment with NCUA, FFIEC, and other regulatory frameworks and risk-based approaches.

  • Collaborate with technology, compliance, audit, and operational teams to strengthen governance processes.

  • Identify gaps in cybersecurity controls and recommend remediation strategies.

  • Prepare reports and risk summaries for leadership, audit, and regulatory stakeholders.

  • Promote continuous improvement of cybersecurity governance and risk management practices.

Requirements – Must-haves

  • Proven experience in cybersecurity governance, risk management, or information security programs.

  • Strong understanding of cybersecurity controls, risk assessment methodologies, and control mapping.

  • Experience aligning cyber programs with NCUA, FFIEC, or similar regulatory frameworks.

  • Experience developing governance models, policy frameworks, and accountability structures.

  • Knowledge of cybersecurity metrics, KRIs, and reporting practices.

  • Ability to translate high-level policies into operational standards and procedures.

  • Strong analytical, documentation, and problem-solving skills.

  • Experience collaborating with cross-functional stakeholders across security, IT, compliance, and operations.

  • Excellent written and verbal communication skills.

Nice-to-haves (optional)

  • Experience in banking, credit union, or regulated financial services environments.

  • Familiarity with frameworks such as NIST CSF, ISO 27001, or COBIT.

  • Relevant certifications such as CISSP, CISM, CRISC, or CISA.

  • Experience supporting audits, regulatory reviews, or compliance assessments.

Languages

  • English C1, Spanish C1

Share

Apply for this position

Required*
We've received your resume. Click here to update it.
Attach resume as .pdf, .doc, .docx, .odt, .txt, or .rtf (limit 5MB) or Paste resume

Paste your resume here or Attach resume file

Human Check*