Lead Governance, Risk and Privacy initiatives, structuring and sustaining Information Security and LGPD (Brazilian Data Protection Law) governance.
Manage security risks, ensure compliance with standards, frameworks and applicable legislation (e.g., NIST, CIS, LGPD), and assess risks for third parties and critical vendors.
Foster an information security culture through both corporate-wide and tailored approaches.
Serve as the primary liaison with IT, Legal, Procurement, Compliance, Internal Audit and, when applicable, the ANPD (Brazilian Data Protection Authority).
Organize and prioritize the portfolio of security and privacy initiatives, managing the backlog, deadlines, dependencies and team capacity.
Ensure a clear execution cadence to avoid loss of focus and an excessive number of concurrent projects.
Lead and develop people through IDPs (Individual Development Plans), structured feedback and career development support, promoting consistent management across the area.
Support coordinators, technical leaders and specialists, strengthening operational rituals and standards.
Translate the CISO’s strategic directives into roadmaps, executable plans and clear indicators.
Prepare executive-level inputs with status, relevant risks, progress and priorities to support decision-making.
Requirements
Solid experience in Governance, Risk and Compliance (GRC) for Information Security and Privacy.
Practical knowledge of frameworks and best practices such as NIST, CIS and ISO 27001/27002.
Experience identifying, analyzing and treating risks, defining controls and monitoring indicators (KPIs and KRIs).
Experience assessing third-party and critical vendor risks.
Technical ability to engage with IT, operational security, product and systems teams, translating risks into business impact.
Experience in regulated, auditable or medium/large corporate environments.
Nice to have
Experience with internal and external audits.
Certifications or formal training in Information Security, GRC or Privacy.
Experience in the IT and Telecommunications sector.