Governance, Risk & Compliance | Information Security
Hello! We are Cashea 👋 and our mission is to give Venezuelans back the opportunity to access credit through a BNPL business model. Since our launch in 2022, we have been dedicated to promoting financial inclusion. Today we have more than 9 million active users, both consumers and merchants, and we have become a trusted brand in Venezuela, winning hearts and minds.
About the role
We are looking for a Semi-Senior Security & GRC Engineer to drive the maturity of our Information Security Management System (ISMS), strengthen risk management practices, and support our ISO/IEC 27001 certification process.
This role goes beyond regulatory compliance: we are looking for someone who approaches security holistically, with the critical thinking skills to analyze processes, engage in technical discussions, and propose meaningful security improvements aligned with business goals.
We are not looking for a profile focused solely on meeting compliance requirements. We are looking for someone with sound judgment, critical thinking, and the ability to analyze processes, understand how the organization operates, and propose practical improvements that genuinely raise our security posture.
Responsibilities:
Participate in the implementation, maintenance, and continuous improvement of the Information Security Management System (ISMS) based on ISO/IEC 27001.
Design, maintain, and update policies, standards, procedures, and other security program documentation.
Actively participate in the preparation and execution of internal and external audits, particularly those related to ISO/IEC 27001, coordinating evidence collection and following up on findings and action plans.
Collaborate cross-functionally with technology, product, and business teams to support the practical adoption of security policies, analyze processes, projects, and technical changes, and ensure security is effectively embedded in the company's key initiatives.
Design and execute security awareness campaigns (phishing simulations, password hygiene, information handling, best practices).
Conduct risk assessments, document findings, and propose mitigation plans, including third-party risk management (TPRM).
Develop metrics, KPIs, and dashboards to monitor the status of the security program, risks, and compliance.
Support the security-focused review of corporate tool configurations (e.g. Google Workspace, internal tools).
Propose continuous improvements to the GRC program, exploring automation and more efficient approaches to compliance.
Actively contribute to strengthening the organization's security culture.
Requirements:
Between 2 and 4 years of experience in Governance, Risk & Compliance (GRC), Information Security, auditing, or risk management.
Experience participating in the implementation, maintenance, or auditing of an ISO/IEC 27001-based Information Security Management System.
Experience working with audit processes, evidence management, and remediation plan follow-up.
Experience conducting risk analyses and supporting technology risk management processes.
General knowledge of security applied in cloud and SaaS environments, with the ability to understand architectures and technical processes at a high level.
Ability to analyze situations, challenge processes, and propose improvements from a security perspective.
Strong communication skills to interact with both technical and non-technical stakeholders.
Analytical mindset, curiosity, and eagerness to learn.
Nice to have:
Experience participating in ISO/IEC 27001 certification or recertification processes.
Security-driven profile, not just compliance-driven.
Practical approach with a continuous improvement mindset.
Desire to learn and grow within the security field.
Comfort working in fast-changing and evolving environments.
Autonomy and a collaborative attitude.
Why you'll love working at Cashea
At Cashea, we have a work culture based on trust and purpose. If you need a clue as to why we are a good choice, these are our core values:
We don't work on autopilot. Everything we do is intentional. We love to develop ideas with full awareness of the impact they can have on our users.
Your creativity and curiosity are our most important assets.
Your voice matters. We listen and make space for ideas and feedback. Everyone belongs, and what's important to you is important to us.
We value transparency. Clarity keeps us connected and grounded.
Last but not least, we focus on real impact.
If you want to work with us, fill out the application. We'd love to meet you!
- Department
- Engineering
- Locations
- Buenos Aires
- Remote status
- Fully remote