About Viva
At Viva, we are the ultra low-cost airline leader in Mexico and one of the fastest-growing airlines in the Americas. We connect people to what matters most through safe, reliable, and low-cost air travel with a strong commitment to sustainability, efficiency, and long-term value creation.
About The Role
Ensure the design, drafting, and ongoing maintenance of Data Protection, AFAC, and other Finance/IT control framework policies, procedures, and controls, based on the Federal Law on the Protection of Personal Data Held by Private Parties (LFPDPPP) and its upcoming Regulation, as well as the ISO/IEC 27701:2025 standard, to strengthen risk management.
Key Responsibilities
- Design and maintain an up-to-date inventory of Personal Data (PDI) at the technical/operational level (field/table/API/log), built through data mapping. This inventory must identify where personal data resides within applications and their flows: where it is stored (modules, databases, logs), where it comes from, where it goes, system interfaces, and who has access.
- Record processing activities (RoPA) based on the previously created PDI, documenting, among others: purposes, categories of data subjects and data, recipients, data transfers and disclosures, retention/deletion periods, and a general description of security measures.
- Conduct risk assessments (DPIA)—including identification, analysis, and evaluation—when processing may involve high risk. This includes: a description of the processing and its purposes, assessment of necessity and proportionality, risk evaluation, and the measures/controls required to mitigate them.
- Design the Data Protection framework, including policies, procedures, and controls.
Required Profile
Academic Background
- Bachelor’s degree in Systems Engineering, Computer Science, Industrial Administration, or a related field.
- Mandatory postgraduate studies in Data Protection, Information Security, Computer Science, Risk Management, or Audit.
Experience
- 7+ years of experience in data protection, information security, IT auditing, or internal control.
- Implementation and maintenance of a Data Protection framework aligned with ISO 27701.
- Practical knowledge of COSO, ISO 27701, GDPR, and related frameworks.
- Familiarity with ISO 27000, ISO 27001, ISO 27002, ISO 27005, ISO 27017, ISO 27018, ISO 27701, ISO 31000, COBIT, ITIL, and the NIST Cybersecurity Framework.
- SAP knowledge (desirable).
- Strong knowledge of information security auditing and internal control.
- Experience in IT audit, internal control, and/or systems areas.
- Experience in regulated industries (aviation, consumer, financial, telecommunications, energy).
- Experience coordinating teams and cross-functional projects with senior leadership.
Preferred Certifications
- CIPP (Certified Information Privacy Professional).
- Cloud security or data protection-specific certifications.
- ISO/IEC 27001 Lead Auditor.
- Certifications in ITGC/Audit Controls and/or Information Security.
- CISA (Certified Information Systems Auditor).
- CIA (Certified Internal Auditor).
- CISM or CISSP.
- CRISC (Certified in Risk and Information Systems Control).
Competencies
- Critical thinking and problem-solving skills.
- Ability to coordinate policies across the organization, managing review cycles, approvals, and change control.
- Capability to design clear, coherent policies aligned with the strategy and regulatory framework.
- High-quality technical and operational writing, including version control and policy traceability.
- Proactivity and ability to work in high-demand, fast-changing environments.
- Teamwork and strong facilitation skills between business and technology areas.
- Leadership and talent management: team development, coaching, and coordinator-level leadership.
Benefits – Why You’ll Love Being #TeamViva
- Flexible schedule.
- Inspirational and fun work environment (#TheBestAirlineToWork).
- Unlimited vacation days from day one.
- Savings fund & savings account.
- Staff Travel: Discounted flights for you and up to 12 loved ones (after 6 months).
- MyIDTravel: Fly worldwide with 20+ airline alliances (after 6 months).
- Life & medical insurance + 24/7 online medical assistance for your family.
- Access to exclusive discounts (gyms, retail, universities, restaurants, and more).
- Above-the-law benefits.
Viva is an equal opportunity employer. All qualified applicants will receive consideration without discrimination of any kind. All candidate information will be handled confidentially and in compliance with mexican data-protection regulations. Your data will be used only for recruitment-related purposes.
