Develop and implement a strategic vision for information security, aligned with business objectives and focused on continuously improving the area’s processes and controls.
Lead the Information Security team to work in partnership with all other company areas.
Manage contracts, assets and services related to information security, ensuring their optimal efficiency.
Monitor trends and innovations in the security field, keeping the Information Security Management System up to date.
Define information security standards and policies to protect information assets and ensure business continuity.
Ensure regulatory compliance applicable to the company and adherence to industry best practices.
Collaborate with technology teams to define and implement effective strategies for integrating security across the development lifecycle, from design to operation.
Plan and implement processes and monitoring activities to mitigate risks and address potential threats.
Analyze and handle information security incidents, map threats and vulnerabilities, and develop projects to prevent or remediate them.
Ensure the development and quality of security testing routines for the IT technologies adopted by the company.
Lead the training and awareness program to build a strong security culture across the company.
Provide support for internal and external audits.
Evaluate and monitor security KPIs, keeping senior leadership informed about the maturity of the information security program.
Respond to requests and support the provision of the company’s ISMS information to clients and other stakeholders when required.
Requirements
More than 5 years of experience leading projects in information security, preferably at technology companies or digital product firms.
Experience conducting ISO 27001 and ISO 27701 assessments.
Solid knowledge of cloud security, especially AWS and Google Cloud.
Knowledge of standards, frameworks and best practices in information security, such as application security testing (AST), NIST, CIS, ISO 27001 and OWASP.
Experience in secure development and knowledge of security engineering.
Familiarity with DevSecOps best practices and methodologies.
Risk management skills and a pragmatic approach.
Information security certifications are desirable.
Strong verbal and written communication skills, including demonstrated ability to prepare high-quality documentation and present to technical and non-technical audiences, including C-level executives and the Board of Directors.
Ability to communicate in English (written and spoken).
Tech Stack
AWS
Cloud
Benefits
100% remote work.
A culture of trust focused on results, with significant challenges and learning opportunities.
Autonomy and ownership in a collaborative and empathetic environment.
A feedback culture and regular 1:1s with human leadership and no micromanagement.
Comprehensive benefits such as meal and grocery vouchers, childcare assistance, home office support, health, education and cultural benefits, Gympass, birthday day off, discounts on therapy and English courses, among other partnerships.