Senior Security Engineer – GRC

Creditas

Drive GRC automation and implement AI to optimize security governance and compliance. Partner with engineering and audit teams to embed automated controls in CI/CD and perform data-driven risk assessments.

Posted 6/8/2026full-timeSão Paulo • 🇧🇷 BrazilSeniorWebsite

Tech Stack

Tools & technologies

Cloud

About the role

Key responsibilities & impact

Lead GRC automation: Transform compliance requirements and policies into automated controls (Compliance as Code), reducing reliance on manual evidence collection.
Implement AI in governance: Explore and apply AI solutions to optimize GRC processes, such as risk analysis, vulnerability mapping, and responses to security questionnaires.
Develop and maintain technical controls: Work closely with Engineering teams to ensure frameworks such as ISO 27001, NIST, and SOC 2 are implemented via automation in the CI/CD pipeline.
Manage risks with a data-driven approach: Conduct security risk assessments using real data and telemetry, moving beyond subjective analysis.
Build automated indicators: Create technical and operational security dashboards that reflect compliance in real time, using APIs and data tools.
Technical interface with audit: Orchestrate internal and external audit deliverables through systematized processes, ensuring findings/non-conformities are treated as technical debt.
Support Privacy and Business: Act as a technical consultant to Privacy and Business areas, ensuring new projects and vendors incorporate security controls by design.

Requirements

What you’ll need

Engineer mindset: Proven experience in security with a strong inclination to solve governance problems through code and automation.
AI enthusiast: Knowledge (or hands-on projects) using Artificial Intelligence to accelerate security and governance processes.
Experience with infrastructure automation: Familiarity with tools that enable automated security and compliance checks (scripts, APIs, cloud integration).
Mastery of frameworks: Hands-on experience applying NIST, ISO 27001, SOC 2, and technical knowledge of LGPD/GDPR.
Negotiation and influence skills: Ability to evangelize a security culture and influence technology teams without formal authority.
Critical process perspective: Ability to identify gaps in corporate documentation and suggest improvements that align security with business agility.
Availability for hybrid work: Must attend our office in the Morumbi area of São Paulo once a month for four consecutive days, usually in the last or first week of the month (Creditas in Person).

Benefits

Comp & perks

Health plan (Alice)
Dental plan (SulAmérica)
Wellz: 100% free therapy sessions
Wellhub: access to gyms and studios
Creditas Endurance: incentive program for high-impact sports
Pharmacy partnership (Univers)
Life insurance (Porto Seguro)
Birthday day off
Extended parental leave: 6 months for birthing parents and 35 days for non-birthing parents
Family Care: support program for maternity and paternity
Childcare assistance
Assistance for dependents with disabilities (PWDs)
SESC: access to facilities for you and your dependents
Meal voucher (VR): flexible benefits card (Creditas Card)
Payroll-deductible loan (Creditas Benefits)
Salary advance (Creditas Benefits)
Discounts on insurance (Minuto Seguros)
Access to exclusive financial education content on the Creditas app
PPR: profit-sharing program
Educational and development incentives
Flexible working model
Free bike parking at the office
Partnered parking at the office (subject to internal availability)

ATS Keywords

✓ Tailor your resume

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

GRC automationCompliance as CodeAI solutionsrisk analysisvulnerability mappingISO 27001NISTSOC 2CI/CD pipelinesecurity risk assessments

Soft Skills

engineer mindsetnegotiation skillsinfluence skillscritical process perspective