Key skills
AWSAzureCloudGoogle Cloud PlatformServiceNowSQLLookerBIPower BIGCPGoogle CloudIAMJiraConfluenceLeadershipCollaborationCloud Security
About this role
Role Overview
- Support the maintenance and evolution of Technology and Information Security policies, standards, and procedures.
- Contribute to the definition and update of risk governance processes aligned with frameworks (ISO 27001, NIST CSF, SOC 2, ITGC, etc.).
- Assist in ensuring clarity of responsibilities (RACI) across Cyber, Technology, Product, and Business teams.
- Perform continuous monitoring of KPIs and KRIs related to GRC, preparing follow-up materials and executive reports.
- Conduct Risk Assessments and GAP Assessments based on recognized frameworks (ISO 27001, NIST, etc.).
- Support regulatory assessments, partner due diligence, and risk reviews involving technological and cybersecurity controls.
- Consolidate technical and non-technical findings into structured analyses, highlighting impacts and recommendations.
- Ensure consistency among the area’s assessments, internal audits, external audits, and risk decisions.
- Ensure organization, quality, and traceability of evidence and control artifacts, following the “test once, report many” principle.
- Support internal and external audits by providing information and evidence in a structured and timely manner.
- Contribute technical analyses that inform leadership decision-making on risk topics, control posture, and prioritization.
- Provide support to technology and business areas in interpreting audit requirements, controls, and compliance obligations.
- Support the alignment of governance and risk initiatives with the organization’s GRC operating model.
Requirements
- Bachelor's degree in Information Technology, Information Security, Engineering, Computer Science, Information Systems, or related fields.
- Practical knowledge of frameworks and standards: ISO 27001/27002, NIST CSF, NIST 800-30/800-53, COBIT, SOC 2, ITGC.
- Practical knowledge of security controls: IAM, PAM, DLP, Backup, Vulnerability Management, EDR, SIEM, SOC, Cloud Security (AWS/Azure/GCP).
- Practices in governance and management of technology risks.
- Knowledge of Central Bank regulatory standards.
- GRC platforms: ServiceNow GRC, Archer, OneTrust.
- Collaboration and management tools: Jira, Confluence.
- Data visualization: Power BI, Looker Studio.
- Data analysis: Advanced Excel, SQL (a plus).
- Consolidation of indicators (KPIs/KRIs) and construction of dashboards for risk monitoring.
Tech Stack
- AWS
- Azure
- Cloud
- Google Cloud Platform
- ServiceNow
- SQL
Benefits
- 14th and 15th fixed salary payments.
- Profit-sharing (based on seniority).
- Health and dental plans with no co-pay.
- Wellbeing programs via Wellhub (formerly Gympass), nutrition, psychology, occupational health, massage, running group, and local gym access.
- Food and meal vouchers with flexible percentage allocation between VA/VR cards, no co-pay.
- Extended maternity and paternity leave.
- Childcare or nanny allowance for children up to 6 years and 11 months.
- Support for children with disabilities, no age limit.
- Life insurance.
- Private pension plan up to 8% of salary.
- Training platform – Sicredi Aprende, offering a variety of courses.
- 40-hour workweek – operating under a time bank system.
- Telework allowance (except for positions that are 100% on-site).