Minimum of 5 years of experience in activities related to auditing financial entities in Mexico.

Experience in managing regulatory examinations and relationships with regulators and auditors.

Experience in compliance with regulatory bodies (CNBV, Condusef, Banco de México, etc.).

Experience in mechanisms and systems for Anti-Money Laundering and Combating the Financing of Terrorism.

Minimum of 5 years of experience in activities related to auditing financial entities in Mexico.

Experience in managing regulatory examinations and relationships with regulators and auditors.

Experience in compliance with regulatory bodies (CNBV, Condusef, Banco de México, etc.).

Experience in mechanisms and systems for Anti-Money Laundering and Combating the Financing of Terrorism.

Carry out credit-related audits to establish and monitor procedures and controls related to risky operations and compliance with Risk Exposure Limits.

Generate reports of observations from reviews, at least once a year, for the Board, Risk Committee, and Audit Committee, and keep said report available for the External Auditor.

Conduct audits for Comprehensive Risk Management, as well as present reports.

Periodically review, through selective tests, that the policies and norms established by the Board for the proper functioning of Stori are adequately applied.

Perform audits of Stori's main service providers or commission agents.

Review that the implemented control mechanisms lead to the adequate protection of Stori's assets.

Verify that IT systems, including accounting, credit portfolio operational, securities, or any other type, have mechanisms to preserve the integrity, confidentiality, and availability of information, prevent its alteration, and comply with the objectives for which they were implemented or designed.

Likewise, monitor said systems to identify potential failures and verify that they generate sufficient, consistent information that flows adequately.

Evaluate the measures and procedures related to IT security controls for anything that could compromise services provided through electronic services.

Review Contingency Plans and necessary measures to prevent information loss, as well as, where appropriate, its recovery or rescue.

Assess the effectiveness of internal control procedures.

Verify the organizational structure.

Verify the procedure for compliance with limits in risk assumption when entering into operations, tolerance levels, in the case of non-discretionary risks, in accordance with applicable legal provisions, as well as with policies established by Stori.

Follow up on relevant deficiencies or deviations detected in relation to Stori's operation, in order to ensure they are corrected in a timely manner, informing the Audit Committee and preparing specific reports.

Perform periodic reviews to verify due compliance related to the valuation of securities and other financial instruments.

Conduct internal legal audits.

Follow up on conclusions and improvement actions emanating from various Internal and External Audit reviews.

Monitor compliance with mechanisms for the adequate handling, control, and security of information generated, received, transmitted, processed, or stored in the execution of services or commissions that refer to the use of technological infrastructure, telecommunications, or information processing contracted by Stori.

Verify processes related to the management of Stori's resources, assets, and information systems and recommend necessary corrective actions.