
Senior Information Security Analyst – GRC
Dasa
full-time
Location Type: Hybrid
Location: São Paulo • Brazil
About the role
- Manage workstreams and relationships with internal IT and business areas, ensuring deadlines, quality, and effectiveness.
- Monitor and report on the development of risks, audit activities, and accreditations.
- Implement and enhance Information Security processes (NIST, CIS, ISO 27000 series).
- Work on mitigating operational and regulatory compliance risks.
- Conduct periodic supplier/vendor maturity assessments (TPRM) and develop continuous improvement plans.
- Support the delivery of executive reports.
Requirements
- Proven experience in risk management and audits (GRC).
- Knowledge of IT and information security (IS) risk.
- Experience conducting 1LoD, 2LoD, and 3LoD processes.
- Knowledge of governance and security frameworks such as ITIL, COBIT, NIST, CIS, ISO 27001, and others.
- Knowledge of compliance and mitigation of third-party risks.
- Strong communication and negotiation skills with internal and external stakeholders.
- Experience with vendor management tools and performance indicators.
- Degree in Information Technology, Business Administration, Engineering, or related fields.
- Certifications such as ITIL, COBIT, ISO 27001, CSM, or similar.
- Experience in large companies or regulated environments.
- Knowledge of agile methodologies and outsourcing contracts.
Benefits
- Important: we do not charge any fees in our recruitment/selection processes.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
risk management, audits, information security, 1LoD processes, 2LoD processes, 3LoD processes, governance frameworks, security frameworks, compliance, vendor management
Soft skills
communication skills, negotiation skills, relationship management
Certifications
ITIL, COBIT, ISO 27001, CSM