**Company Description:** The Employment Service operated by Comfama is the platform that connects individuals with companies offering job opportunities and seeking to attract talent that contributes to their growth and consolidation. The vacancies published by Comfama Employment Service correspond to employment opportunities offered by companies in various sectors, located in Medellín and Antioquia. If you are interested in consulting vacancies to connect professionally with Comfama, we recommend visiting our website www.comfama.com, option Work with Us **Job Mission:** Establish the information security and cybersecurity governance framework. **Job Functions:** A healthcare company located in Apartadó requires an Information Security and Data Protection Officer with a minimum of one year of experience in risk management, vulnerability assessment, and data protection laws to protect information assets, ensure regulatory compliance, and promote a security culture throughout the organization. **Academic Requirements:** Professional degree in administration, law, systems engineering, or related fields. **Technical or Specific Knowledge Required:** Knowledge of regulations and reference frameworks, NIST CSF, ISO/IEC 27001:2022 (ISMS), ISO/IEC 21001 security controls, ISO 31000 risk management, Law 1581 of 2012, SIC's Single Circular, and Resolution 1995 of 1999. **Work Competencies:** Leadership, teamwork, communication skills, and decision-making. **Key Responsibilities:** * Establish the information security and cybersecurity governance framework. * Design information security and cybersecurity policies and standards. * Coordinate the implementation of the NIST CSF framework across the organization. * Report to senior management on the status of information and cybersecurity risks. * Supervise regulatory and contractual compliance in cybersecurity. * Coordinate preparation for internal and external audits. **Salary:** Negotiable. **Contract Type:** Fixed-term. **Working Hours:** Monday to Friday. **Work Location:** Apartadó, Ant. **Requirements:** Minimum of two years of experience in data protection laws to safeguard information assets Professional degree in administration, law, systems engineering, or related fields. Knowledge of regulations and reference frameworks, NIST CSF, ISO/IEC 27001:2022 (ISMS) Knowledge of ISO/IEC 21001 security controls, ISO 31000 risk management, Law 1581 of 2012 **Offer Conditions: