Manager I - DATA Engineering - Engineering & DATA Colombia - Remote Eligible

BBVA Data Security Role

BBVA is a global company with over 160 years of history that operates in more than 25 countries serving more than 80 million clients. We are more than 121,000 professionals working in multidisciplinary teams with diverse profiles, including financial, legal experts, data scientists, developers, engineers, and designers.

BBVA: Where your ideas become new opportunities. Join us!

Principal Role of the Position

Design, implement, and lead the comprehensive data security framework at BBVA, ensuring the protection of confidential and critically confidential information (CCCI), in alignment with the embedded security strategy, CISO objectives, and corporate, local, and international regulations. Ensure the incorporation of security controls throughout the data lifecycle, from creation to final disposition, managing standards, policies, and procedures that allow a secure, resilient, and compliant environment to regulatory requirements.

Academic Background

Professional in Systems Engineering, Computer Engineering, Computing, Industrial Engineering, or related fields.

Desirable complementary training: Specialization or master's degree in Information Security, Project Management, or related fields.

Experience

Minimum 5 years of experience in roles related to information security, cybersecurity, and technological risk, security in technology projects and platforms, IT audit, or regulatory compliance.

Implementation of security controls for sensitive data, participation or leadership in high-impact technology projects, interaction with architecture, audit, risk, and technology areas.

Desirable certifications: CISM, CISSP, CCSP, CRISC, CDPSE. ISO/IEC 27001 Lead Auditor or Lead Implementer.

Knowledge and Tools

Ensure compliance with local regulations (cybersecurity, continuity, personal data protection 1581), European frameworks: DORA (Digital Operational Resilience Act), EBA BS 2019 – Classification and management of data risks; international standards: NIST Cybersecurity Framework, ISO 27001, ISO 27032, ISO 27035, ISO 31000 (risk management), PCI DSS, LPDP / GDPR. Coordinate risk assessments, audits, and remediations associated with Critically Confidential Information.

Act as the contact point between local and global teams for regulatory requirements.

Platforms and technical components, security in Big Data environments, cloud and multi-cloud, data protection in ETL/ELT processes, sandboxes, APIs, and repositories, Integration of Zero Trust models in architecture.

Skills and Competencies

Executive communication: Ability to translate technical risks into understandable language for senior management and other business areas. Negotiation and influence: Ability to align frontline managers with data security policies. Data-driven decision making: Evaluate risks with technical and regulatory criteria, prioritizing actions with a strategic focus. Leadership and critical thinking: Lead multidisciplinary teams, identify improvement opportunities, and act with systemic vision. Compliance and resilience orientation: Focused on mitigating regulatory and operational risks under pressure, maintaining focus and responsibility.

The Data Security team, in co-dependency with Comporte Security, is responsible for: Data security at BBVA, ensuring the protection of confidential and critically confidential information (CCCI), in line with the strategic objectives of embedded security and corporate and local and international regulatory standards.