Virtual Information Security Officer

About The Position

Requirements

• Strong communication skills with the ability to clearly articulate security topics to non‑technical and technical audiences.
• Ability to influence decisions and collaborate with diverse teams, even without formal authority.
• Effective project coordination skills with the ability to support multiple initiatives concurrently.
• 7–10 years of experience in information security or a related field, including experience contributing to or operating a security program.
• Working knowledge of enterprise security technologies (firewalls, IDS/IPS, SIEM, endpoint protection, CASB, DLP, vulnerability scanners, SSO).
• Familiarity with core security processes such as access governance, Secure SDLC, vulnerability management, incident response, and data protection.
• Exposure to cloud security concepts and controls in platforms like AWS, Azure, or GCP.
• Strong understanding of security frameworks such as NIST CSF, ISO 27001, CIS Controls, OWASP, and CRI Profile.

Nice To Haves

• Spanish and/or Portuguese language proficiency.
• Security certifications such as CISSP, CISM, CISA, or equivalent.
• Experience conducting audits or reviews of systems and technical controls.
• Familiarity with global or regional privacy and security regulations.

Responsibilities

• Act as a security advisor to assigned TFS Group companies, integrating into their management‑level discussions and security project planning efforts.
• Collaborate with business leaders to ensure security considerations are addressed early and consistently within initiatives and solutions.
• Help communicate security risks, issues, and mitigation options to management teams in a clear and practical manner.
• Support the promotion of a security‑aware culture across assigned business units.
• Assist in developing and evolving multi‑year security roadmaps and strategies aligned to business priorities.
• Contribute to maturing the Information Security program by identifying opportunities for improvement and recommending security services or controls that meet business needs.
• Support the collection, preparation, and delivery of relevant security metrics and reports for management review.
• Help ensure that identified vulnerabilities, audit findings, or assessment results are tracked and that remediation plans are properly documented and monitored.
• Evaluate security policies, standards, and controls to ensure alignment with global TFS cybersecurity expectations.
• Support awareness of applicable security and privacy regulations (e.g., FFIEC, CCPA, GDPR, LGPD) and their impact on systems, processes, and technologies.
• Assist in evaluating system security requirements throughout solution lifecycle phases.
• Contribute to assessments of cybersecurity safeguards — such as firewalls, intrusion prevention systems, web application firewalls, endpoint protection, DLP, encryption, and vulnerability management tooling — to ensure they meet expected security standards.
• Help review cybersecurity designs for systems and networks with varying classification levels and control needs.
• Provide general guidance on appropriate technical controls to reduce risk and support business and technology teams during design or implementation.

Benefits

• A work environment built on teamwork, flexibility, and respect.
• Professional growth and development programs to help advance your career, as well as tuition reimbursement.
• Team Member Vehicle Purchase Discount.
• Toyota Team Member Lease Vehicle Program (if applicable).
• Comprehensive health care and wellness plans for your entire family.
• Toyota 401(k) Savings Plan featuring a company match, as well as an annual retirement contribution from Toyota regardless of whether you contribute.
• Paid holidays and paid time off.
• Referral services related to prenatal services, adoption, childcare, schools, and more.
• Relocation assistance (if applicable).