Support the planning and execution of projects focused on governance, compliance and continuity management;
Implement standards, policies and procedures that support the information security and risk management framework;
Lead internal and external audits, ensuring compliance with regulatory standards and best practices;
Conduct supplier assessments, evaluating cyber risks, contractual compliance and adherence to technical and security requirements;
Support business continuity management (BCP/DRP), participating in the definition of policies and procedures, training (e.g., table-top exercises) and plan testing;
Monitor and ensure adherence to laws, frameworks and standards such as ISO 27001/27701, ISO 27005, ISO 31000, ISO 22301, LGPD, NIST CSF and NIST SP 800-53, among others;
Act in a consultative capacity as a reference for the Governance and Awareness area, advising internal teams and clients;
Map and review policies, standards and processes;
Support clients in technical and strategic projects (onsite or remote);
Participate in committees, meetings and forums with business areas, technology teams and executive leadership when required;
Assess and respond to privacy incidents when they occur, ensuring appropriate handling and response in accordance with policies and legislation;
Contribute to the continuous improvement of data protection and privacy practices;
Support the structuring of processes based on Privacy by Design and Privacy by Default principles;
Lead educational campaigns and information security culture initiatives, both internally and with clients;
Plan and execute educational campaigns with accessible, creative content aligned to the target audience;
Produce materials such as scripts, presentations, remote and in-person activities, trainings, workshops, videos and interactive events;
Deliver talks, trainings and workshops on security, privacy and digital ethics;
Develop content for social media, internal communications and institutional materials;
Conduct social and engagement activities with partners and clients to reinforce the organization’s purpose;
Conduct risk assessments (current and potential), identifying impacts to compliance and operations;
Develop, monitor and validate corrective and preventive action plans;
Monitor risks using indicators and targets;
Prepare management and executive reports with status and trend analysis.
Requirements
Proven experience in Governance, Risk, Compliance and Awareness;
Bachelor’s degree or postgraduate degree in Technology and Security;
ISO 27001 Lead Auditor certification or equivalent;
Experience with information security awareness campaigns, including remote and in-person presentations;
Practical experience in audits and interactions with regulatory bodies;
Knowledge of standards, laws and frameworks such as: LGPD, GDPR, NIST CSF, NIST SP 800-53, CIS Controls, PCI DSS, COBIT, ITIL, the ISO 27000 family, among others;
Experience with supplier risk assessments and continuity management (BCM/DRP);
Analytical profile with the ability to structure action plans;
Excellent communication, creativity and command of playful and educational language for trainings, activities and presentations;
Ability to provide consultative support across different areas and hierarchical levels;
English desirable.
Benefits
Referral bonus
Day off on your birthday
Annual profit-sharing (PLR) proportional and aligned with revenue targets
Knowledge sharing sessions
Discounts at educational institutions
Wellhub
Applicant Tracking System Keywords
Hard skills
Governance, Risk Management, Compliance, Information Security, Auditing, Supplier Risk Assessment, Business Continuity Management, Data Protection, Privacy by Design, Privacy by Default