Apply

Ready to go for it?

AI Apply speeds things up—apply directly if you prefer.

FREE ACCESS
5,000–10,000 jobs/day
JobTailor Logo

See all jobs on JobTailor

Search thousands of fresh jobs every day.

Discover
  • Fresh listings
  • Fast filters
  • No subscription required
Create a free account and start exploring right away.
Grupo Boticário

Risk Specialist I – Information Security

Grupo Boticário

Especialista I de Riscos at Grupo Boticário focusing on information security and risk management. Collaborate on audits and implement frameworks for risk maturity addressing cybersecurity scenarios.

Posted 7/7/2026full-timeRemote • BrasilMid-LevelSeniorWebsite

About the role

Key responsibilities & impact
  • **Strategic Risk Partnership:** Map, identify, and model cyber and digital-origin corporate risk scenarios (such as data leaks, digital extortion, cyberattacks, and downtime) across the company's ecosystem, translating technical data into clear business-impact insights.
  • **Audit Orchestration:** Serve as the primary focal point and facilitator for internal and external audits. You will be the link between auditors and technology teams, constructively challenging findings, ensuring clarity of control objectives and validating that technical responses are robust.
  • **Maturity Advancement (NIST & CIS):** Conduct periodic assessments and manage the roadmap for Information Security maturity using the CIS Controls and NIST CSF frameworks to evaluate and raise the effectiveness of our technical controls.
  • **Action Plan Assurance (Remediation):** Support and guide technical teams in building effective action plans (APs), ensuring that proposed fixes address root causes and truly mitigate the issues identified in audits.
  • **PCI DSS Support:** Support the management, design, and effectiveness testing of controls related to PCI DSS certification, ensuring continuous compliance and the security of our transactional operations.
  • **Technological Resilience:** Actively collaborate in mapping discontinuity scenarios for critical environments, supporting decision-making that ensures business resilience and continuity based on technological criticality.
  • **Metrics and Awareness:** Operate GRC tools, review metrics, and create intelligent KRIs (Key Risk Indicators) to monitor the materialization of risks. In addition, you will support the dissemination of a risk and security culture across the company.

Requirements

What you’ll need
  • **Experience in Risk Management and GRC:** Solid experience in Information Security risk management, Technology, Technical Controls, or IT audit.
  • **Proficiency with Industry Frameworks:** Practical knowledge and application of global frameworks, mandatorily NIST CSF and CIS Controls. Familiarity with ISO standards (31000, 27001, 22301) and COBIT is a plus.
  • **Audit and Controls Background:** Experience supporting Technology audits, as well as designing, implementing, and testing the effectiveness of mitigating and compensating controls.
  • **Regulatory Knowledge of PCI:** Familiarity with the requirements, architecture, and sustaining processes for PCI DSS certification.
  • **Threat Modeling and Metrics:** Strategic capability to conduct structured risk analyses (qualitative and quantitative) and develop customized modeling by line of business. Technical ability to translate risk exposure into actionable GRC indicators (KPIs and KRIs) to support decision-making.
  • **Artificial Intelligence:** Knowledge of Artificial Intelligence and the ability to use AI tools to optimize and improve process efficiency is a plus.
  • **Communication and Diplomacy (Soft Skills):** Excellent corporate communication skills, with the ability to translate complex technical terms into business impacts for different audiences. A consultative, resilient profile with strong influence to negotiate timelines and solutions with Information Security and Technology teams.
  • **Business Perspective:** Mindset focused on understanding the company's value chain, viewing security as a driver of trust and business growth.
  • **Builder and Autonomous Profile:** Entrepreneurial mindset (ownership) to independently manage highly complex projects, driving high‑value results and developing scalable, efficient operations.

Benefits

Comp & perks
  • Here, your **Health** is a priority
  • . Medical and dental plan
  • . Medication assistance
  • . Health allowance for family members
  • . Free psychotherapy sessions
  • . Telemedicine and second medical opinion
  • . Free flu vaccination
  • . Health care programs
  • **- To take care of your **Nutrition**
  • . Meal voucher or local restaurant card (depending on work model)
  • . Food allowance
  • . Holiday food allowance
  • **- **Ensuring Well-being and Quality of Life in all aspects of life**
  • . Gym and fitness studio plan
  • . Home office allowance (hybrid and remote work models)
  • . Pet health plan
  • . Birthday day off
  • . Up to 40% discount on our products
  • . Employee membership (agreements and partnerships, multi‑brand store, Total Pass gyms, courses and much more!)
  • . Travel and accommodation program
  • **- For the **Family**, our most precious asset
  • . Childcare assistance
  • . Child nutrition credit
  • . Babysitter allowance
  • . School supplies allowance
  • . Legal, psychological and social counseling
  • . Support for atypical parents
  • . Extended parental leave (180 days for mothers and 120 days for fathers)
  • **- **Mobility **for your on-site journey
  • . Commuter benefit and parking (hybrid and on-site models)
  • **- **Financial Security **for protection and peace of mind
  • . Life insurance
  • . Support in the event of parents' passing
  • . Private pension plan
  • . Payroll-deductible loans

ATS Keywords

✓ Tailor your resume
Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
Risk AnalysisTechnical ControlsGRC ToolsThreat ModelingMetrics Development
Soft Skills
Corporate CommunicationNegotiationConsultative ApproachResilienceInfluence