Key skills
Risk Management
About this role
Role Overview
- Solid knowledge of Information Security and Data Protection standards and frameworks (LGPD, ISO 27001, NIST CSF, COBIT, ITIL, etc.).
- Ability to develop and maintain organizational security controls.
- Understanding of enterprise risk management applied to IT and cybersecurity.
- Experience in managing cyber incidents from a processual and regulatory perspective.
- Familiarity with GRC tools is considered a plus.
Requirements
- Bachelor's degree in related fields: Computer Science, Information Systems, Computer Engineering, Computer Networks, Information Security or related areas.
- Postgraduate degree or specialization in Information Security, LGPD, or Risk Management is desirable.
- ISO/IEC 27001 Lead Implementer or Auditor (desirable)
- ITIL Foundation or higher (desirable)
- CISM or CRISC (desirable)
- Experience in Information Security, focusing on the definition and drafting of policies, standards, processes and audits.
- Creation and updating of corporate information security policies.
- Definition, implementation and monitoring of internal security standards applicable to multiple departments.
- Support and interface with internal and external audits.
- Conducting information security risk assessments in computing environments.
- Creation, implementation and monitoring of BCPs (Business Continuity Plans).
- Creation, implementation and monitoring of personal data inventories and data protection impact reports.
- Support for Data Protection Officer (DPO) activities.
- Monitoring regulatory compliance (LGPD, ISO 27001, NIST, COBIT, PCI-DSS).
Benefits
- Health insurance
- Dental insurance
- Life insurance
- Childcare assistance
- Transportation voucher
- Meal or food allowance
- Benefits club
- Access to Wellhub
- Consultation with an online personal trainer.