
51 - 200 employees
Founded 2023
💳 Fintech
🏦 Banking
👥 B2C
Fintech • Banking • B2C
NOVACARD is a Mexican consumer credit-card provider and fintech offering a transparent, no-hidden-fee credit card with flexible credit limits (MXN 1,000–200,000), 0 annual fee, cashback rewards (5% at supermarkets, 0. 5% on other purchases), transfers, and a mobile app with a 28-day interest-free period. Operated by Unitron Technology S. A. P. I. de C. V. , NOVACARD targets consumers seeking simple, low-cost credit solutions and transparent terms.
🕒 February 16
Improve your chances of getting an interview by checking your resume score before you apply.

51 - 200 employees
Founded 2023
💳 Fintech
🏦 Banking
👥 B2C
Fintech • Banking • B2C
NOVACARD is a Mexican consumer credit-card provider and fintech offering a transparent, no-hidden-fee credit card with flexible credit limits (MXN 1,000–200,000), 0 annual fee, cashback rewards (5% at supermarkets, 0. 5% on other purchases), transfers, and a mobile app with a 28-day interest-free period. Operated by Unitron Technology S. A. P. I. de C. V. , NOVACARD targets consumers seeking simple, low-cost credit solutions and transparent terms.
• Work closely with Engineering, Product and DevOps teams to ensure security is embedded into products, platforms, and operational processes from early design stages through delivery and release cycles • Participate in product discovery, architecture discussions, sprint planning, change management, and release processes to ensure security requirements are addressed early and do not become delivery blockers • Collaborate with Compliance and Legal teams to align local regulatory requirements with product and engineering roadmaps • Implement and maintain controls required by CNBV, PCI DSS, and other applicable local regulatory obligations, ensuring continuous compliance • Implement central information security policies and develop country-specific procedures and controls in coordination with local compliance stakeholders • Integrate secure development practices into the SDLC, including architecture reviews, threat modeling, vulnerability management, and security checkpoints within delivery pipelines • Improve security monitoring capabilities and SOC coverage for the local IT environment, including configuring monitoring rules and defining incident escalation procedures • Lead incident response activities, coordinate investigations with engineering and product teams, conduct root cause analysis, and organize post-incident awareness sessions • Manage and operate local Data Loss Prevention (DLP) solutions and related processes • Develop, maintain, and test Disaster Recovery Plans (DRP), including organizing annual recovery exercises • Establish and operate vulnerability management processes, including regular scanning, prioritization of findings, and tracking remediation efforts • Define and deliver regular security reporting and metrics to local business leadership and the central CISO organization • Organize and coordinate annual assessments of the cybersecurity management system and support remediation planning
• Fluent English is required for communication within international teams and stakeholders • Bachelor’s or Master’s degree in Computer Science, Information Security, or a related technical field • Self-managed, proactive, and capable of working independently while collaborating effectively across distributed teams • At least 3 years of proven experience in information security management or a similar role • Solid knowledge of international security standards and best practices, including ISO 2700x, NIST, SABSA, or equivalent frameworks • Hands-on experience with implementation and management of security technologies, including firewalls, IDS/IPS, antivirus, EDR, SIEM solutions, and access management systems • Practical experience conducting risk assessments, vulnerability management, and security audits, as well as tracking remediation activities • Experience delivering security or infrastructure projects from initiation through implementation, with an understanding of project management methodologies • Professional certifications (such as CISSP, CISM, CISA, ISO 27001 Lead Implementer/Auditor, or equivalent) are considered a strong advantage
• Fully remote work format • Official employment under the Russian Labor Code (for residents of Russia); contractor collaboration available for candidates from other countries • Opportunity to work in an international team on a new digital product for the Mexican market • A data-driven environment where your contributions have a real impact
Apply Now