Information Security Officer - Remote

Work set-up: Full Remote
Experience: Senior (5-10 years)

Offer summary

Qualifications:

  • Bachelor’s degree in Computer Science, Engineering, or related field.
  • At least 4 years of experience as an Information Security Officer or similar role in cloud-based environments.
  • Proficiency with security tools and technologies for threat detection and prevention.
  • Strong understanding of network architecture, operating systems, and cloud platforms.

Key responsibilities:

  • Develop and update security policies and procedures to meet organizational and regulatory standards.
  • Conduct risk assessments and security audits of systems and applications.
  • Monitor and respond to security incidents, coordinating investigations and mitigation.
  • Collaborate with development and operations teams to integrate security into the software development lifecycle.

AgilityFeat http://AgilityFeat.com
11 - 50 Employees

Job description

Location: Colombia (Remote)

Contract Type: Full-time Colombian Labor Contract



About Us


For many U.S. companies, attracting and retaining affordable, highly skilled software developers within the country's borders remains a significant challenge. Meanwhile, across Latin America, a wealth of talented developers seeks opportunities to work on stable, innovative projects with industry-leading companies.


At AgilityFeat, we’ve spent over a decade solving this puzzle. Since 2010, our U.S.-based company, with offices in Panamá and Colombia, has been the bridge connecting these two worlds. We’ve helped countless U.S. companies scale their development teams while opening doors for Latin American tech professionals to access career-defining opportunities.


If you’re a Latin American developer looking to work with U.S. teams while enjoying the flexibility of remote work, we’d love to hear from you.



The Role


We are seeking a proactive and experienced Information Security Officer to lead our security initiatives across internal systems and client-facing, cloud-based applications. The ideal candidate has a strong background in risk assessment, incident response, and regulatory compliance (including HIPAA), and is comfortable collaborating with cross-functional teams such as DevOps, QA, and Engineering. Experience with real-time communication technologies like WebRTC or VoIP is highly valued, as is the ability to design and implement practical security controls in fast-paced, development-driven environments.


Fluent English is a must! B2+ or above is required for this client-facing role.


Key Responsibilities

  • Develop, implement, and regularly update security policies, procedures, and standards to align with organizational and client goals, and regulatory requirements (e.g., HIPAA, GDPR, CCPA).
  • Conduct regular risk assessments and security audits of internal systems, cloud environments, and active projects to identify vulnerabilities and areas for improvement.
  • Design and execute security processes, tests, and controls for internal and client-facing software applications.
  • Monitor and respond to security incidents and breaches, coordinating investigation, mitigation, documentation, and reporting.
  • Manage access controls and internal user credentials, including regular reviews of permissions and segregation of duties across systems and applications.
  • Oversee asset management and infrastructure security, working closely with DevOps to enforce least-privilege access and secure hardware/software environments.
  • Collaborate with development, QA, and operations teams to integrate security into all phases of the software development lifecycle and deployment pipeline.
  • Provide security specifications and compliance input for client proposals and project planning, ensuring early alignment with requirements.
  • Ensure HIPAA compliance for all relevant platforms and guide broader data privacy compliance efforts.
  • Manage information security programs for both internal and client applications, including billing and database access controls.
  • Create and lead security awareness training programs to foster a security-conscious culture across the organization.
  • Conduct third-party vendor security assessments to evaluate risk and ensure contractual and regulatory compliance.
  • Maintain and optimize security tools and monitoring systems, such as firewalls, IDS/IPS, and antivirus software, to ensure proactive threat detection and prevention.



Technical Qualifications

  • Bachelor’s degree in Computer Science, Engineering, or equivalent practical experience
  • 4+ years of experience as an Information Security Officer (ISO) or in a related security leadership role for cloud-based applications in a remote software company
  • Proficiency with security tools and technologies for threat detection, prevention, and monitoring
  • Strong understanding of network architecture, operating systems, and cloud computing platforms, with the ability to identify and mitigate security risks in these areas
  • Demonstrated experience in developing, implementing, and maintaining security policies, procedures, and standards aligned with industry best practices and regulatory requirements
  • Familiarity with relevant security and privacy frameworks and regulations, such as GDPR, HIPAA, and NIST
  • Proven ability to assess security risks and vulnerabilities and to design effective mitigation strategies
  • Experience in incident response planning and execution, including managing real-time security incidents
  • Strong cross-functional collaboration skills, particularly with management, QA, and DevOps teams
  • Leadership capabilities to promote a security-first culture and influence organization-wide security awareness
  • Commitment to continuous learning and staying current with emerging security threats, trends, and technologies
  • Knowledge of WebRTC and security considerations for real-time, web-based communication platforms is a plus
  • Experience with AI agents is a plus
  • Experience with compliance automation platforms such as Drata or Vanta is a plus
  • Security certifications (e.g., CISSP, CISM, ISO 27001 Lead Implementer) are a plus



General Qualifications

  • Fluent English (B2+), both written and spoken
  • Proactive, professional, respectful, and courteous communication
  • An entrepreneurial mindset with the initiative and resourcefulness to quickly identify problems, overcome challenges, and provide timely solutions
  • Experience working in agile teams using Scrum or Kanban methodologies
  • Ability to work remotely, with headset and camera equipment, a quiet place to work, and a reliable internet connection, and to be responsive during working hours



Fluent English is mandatory.
All information must be submitted in English.

Required profile

Experience

Level of experience: Senior (5-10 years)
Spoken language(s):
English

Other Skills

  • Collaboration
  • Proactivity
  • Teamwork
  • Communication
  • Problem Solving
