Key skills
Risk Management
About this role
Role Overview
- Solid knowledge of Information Security and data protection standards and frameworks (LGPD, ISO 27001, NIST CSF, COBIT, ITIL, etc.).
- Ability to develop and maintain organizational security controls.
- Understanding of enterprise risk management applied to IT and cybersecurity.
- Experience in incident management, especially cyber incidents, from procedural and regulatory perspectives.
- Familiarity with GRC (Governance, Risk, and Compliance) tools is a plus.
Requirements
- Bachelor's degree in related fields: Computer Science, Information Systems, Computer Engineering, Computer Networks, Information Security, or related areas.
- Postgraduate degree or specialization in Information Security, LGPD, or Risk Management is desirable.
- Experience in Information Security focused on defining and drafting policies, standards, processes, and audits.
- Creation and updating of corporate information security policies.
- Definition, implementation, and monitoring of internal security standards applicable across multiple departments.
- Support and liaison with internal and external audits.
- Conducting information security risk assessments in computing environments.
- Creation, implementation, and monitoring of BCP (Business Continuity Plan).
- Creation, implementation, and monitoring of personal data inventories and Data Protection Impact Assessments (DPIAs).
- Support to the Data Protection Officer (DPO) in related activities.
- Monitoring regulatory compliance (LGPD, ISO 27001, NIST, COBIT, PCI-DSS — where applicable).
Benefits
- Health insurance
- Dental plan
- Life insurance
- Childcare assistance
- Transportation voucher
- Meal or food allowance
- Benefits club
- Access to Wellhub
- Online personal trainer consultation