Skip to content


Careers at Bacardi

Analyst – Tech Compliance

Job Name

Analyst – Tech Compliance


Costa Rica




Information Technology

Reporting Line:

Senior Director / CISO

Job type:

Full time

Lead recruiter:

Pablo Segura

About the role


This role will be responsible for assisting in the management of Bacardi’s compliance programs relating to third-party risk management, security awareness training, audit support, policy management, data mapping, data privacy, data security, and other matters related to Bacardi’s regulatory compliance requirements. The role will support the Cyber Security Compliance team by maintaining a Compliance Dashboard, ensuring that documentation is up to date, and ensuring performance metrics meet stated targets while working on special project activities as needed. This position will report to the Cyber Security Compliance Manager.


The Tech Compliance Analyst role plays an active part in implementing and managing information security compliance and privacy objectives.

The role will be responsible for assisting in the management of Bacardi’s compliance programs as it relates to identity access management, change management, third-party risk management, security awareness training, audit support, policy management, data mapping and privacy, data security and other matters related to Sarbanes-Oxley (SOX) General IT Controls, Payment Card Industry (PCI), General Data Protection Regulation (GDPR), and other regulatory compliance requirements.

This role will also assist in the design and implementation for security technology solutions to support compliance needs and act as a trusted advisor for managing the risks and controls impacting Bacardi’s security and regulatory compliance obligations (i.e., Third Party Vendor Risk Management, PCI, SOX, CCPA, etc).



Third Party / Vendor Risk Management
  • Conducting due diligence of all prospective third party providers and partners
  • Tracking and monitoring all third-party entities (vendors, subcontractors, etc.) engaged with Bacardi on an ongoing basis
  • Conducting annual security reviews of all third parties engaged with Bacardi
  • Conducting internal third-party inventory and data mapping exercises associated with all third parties
  • Monitoring and enforcing Bacardi’s standards with all third-parties
Regulatory Audit Support
  • Tracking of remediation efforts in areas of non-compliance identified as a result of internal/external reviews and audits
  • Supporting any internal and external audits pertaining to Bacardi’s Cyber Security Program and regulatory compliance requirements (SOX, GDPR, CCPA, PCI, etc.) to ensure all audits and/or risk assessments are completed effectively by providing appropriate evidence timely to audit staff
  • Performing and documenting internal audits and reviews of Bacardi Tech Security and Compliance programs as needed.
Tech Compliance Support
  • Working with various IT and Functional areas as needed to proactively drive operational compliance with particular focus on security policies
  • Performing internal reviews of control procedures within the organization to help ensure responsible business units are adhering to policy and procedure expectations
  • Executing user access reviews on various internal and vendor managed systems and applications
  • Assisting with the design and implementation of identity and access management controls as needed
  • Assisting with the design and implementation of application change management control procedures as needed
  • Assisting with the design and implementation of IT operational controls as needed
  • Overseeing, tracking, and scheduling all security patching on Enterprise infrastructure critical to business unit functions

Skills and Experience

To be successful in this role you will have: 
  • 2 years experience in a supporting role on an IT Security/Compliance Team 
  • Knowledge of common security compliance processes and frameworks 
  • Extensive experience with audit related items and regulatory requirements (SOX, GDPR, etc.)
  • Excellent analytical and problem-solving skills
  • Excellent communications skills, both written and verbal
  • Technical knowledge – able to learn new tools and technical concepts quickly, 
  • Ability to understand end-user security related priorities 
  • Ability to adapt quickly to new technologies and changing security and business requirements
  • Ability to quickly troubleshoot security problems during operation of solutions
  • Ability to work with minimal supervision
  • Ability to work closely with other key business stake holders to identify areas for improvement
  • Ability to manage and remediate incidents raised by the vulnerability management program
  • Proficiency in English
The following experiences and qualifications are recommended:
  • 5+ years’ of Information Security and IT Risk experience with regulatory, internal audit and/or compliance testing, including the development of remediation activities or steps
  • An equivalent combination of education and/or experience may be substituted for the above requirements
  • Experience with development of General Controls and/or IT Compliance related standards
  • Working knowledge and exposure of IT Governance, Risk Management, and Compliance practices
  • Working knowledge and understanding of ISO 27001/27002 frameworks, NIST compliance regulations, Center for Internet Security (CIS) and other best practices
  • Experience with the audit process involving relevant regulatory requirements specific to General Data Privacy Regulation (GDPR), Sarbanes-Oxley (SOX), Payment Card Industry/Data Security Standard (PCI-DSS) and Privacy Shield principles
  • Cybersecurity/ IT risk assurance expertise
  • Experience with information security tools and utilities
  • Experience using a GRC Management tools
  • Experience in a cross functional team environment
  • Strong technical knowledge of web and domain related services
  • Experience with a Single Sign On / Identity Management Solution is a plus
  • Experience working in a matrix and geographically diverse business model is Critical
  • Ability to work effectively within a team and as an individual contributor in a fast paced changing environment -- multi-tasks, prioritizes and meets deadlines in timely manner
  • Extremely strong verbal and written communications with ability to effectively communicate at multiple levels in the organization
  • Strong organizational, attention to detail and task follow-up skills
  • Your ability to operate and orchestrate seamlessly within the matrix organizational structure will be critical for your success in this role and of the function.
  • Convey information to: Site(s) end-users and stakeholders / Tech organization
  • Adapt and Exchange (reach agreement with): Business BPOs, Cyber Security Team,
  • Influence (affect change): Tech Operational teams


Living our Values and demonstrating high Learning Agility will be fundamental not only for success in this role, but also for potential growth to other roles across Bacardi in the future.  We have a clearly defined Leadership Excellence framework: Focus Externally to Win / Drive Execution & Results / Lead Strategically & Know your Business / Make the Matrix Work / Lead by Example and Develop and Inspire Talent

Our culture

We share the passion and entrepreneurial flair of our founder and are guided by our three culture pillars - Fearless, Family and Founders, they inspire our Primos to be the best they can be and drive us forward in all we do. But what does this mean?

·       Being Fearless; means adopting an agile mindset, being comfortable trying new things and taking risks. We are empowered to question, challenge and innovate.

·       Family; We treat each other, and our communities, like Family. Always.

·       Founders; The spirit of entrepreneurship is at the heart of everything we do. We see the business as if it’s our own. We do the right thing for the business and we all take accountability for our work.

When you join Bacardi, you become part of our family and gain more than just a job.

Disclaimer: Bacardi is an equal opportunity employer that values workforce diversity. Diversity is core to our business: by embedding diversity into all aspects of our culture, we maximize the opportunity to achieve sustainable business success and growth. The duties and responsibilities described in the role profile might not be a comprehensive list.