Risk

• Support the planning and execution of projects focused on governance, compliance and continuity management;
• Implement standards, policies and procedures that support the information security and risk management framework;
• Lead internal and external audits, ensuring compliance with regulatory standards and best practices;
• Conduct supplier assessments, evaluating cyber risks, contractual compliance and adherence to technical and security requirements;
• Support business continuity management (BCP/DRP), participating in the definition of policies and procedures, training (e.g., table-top exercises) and plan testing;
• Monitor and ensure adherence to laws, frameworks and standards such as ISO 27001/27701, ISO 27005, ISO 31000, ISO 22301, LGPD, NIST CSF and NIST SP 800-53, among others;
• Act in a consultative capacity as a reference for the Governance and Awareness area, advising internal teams and clients;
• Map and review policies, standards and processes;
• Support clients in technical and strategic projects (onsite or remote);
• Participate in committees, meetings and forums with business areas, technology teams and executive leadership when required;
• Assess and respond to privacy incidents when they occur, ensuring appropriate handling and response in accordance with policies and legislation;
• Contribute to the continuous improvement of data protection and privacy practices;
• Support the structuring of processes based on Privacy by Design and Privacy by Default principles;
• Lead educational campaigns and information security culture initiatives, both internally and with clients;
• Plan and execute educational campaigns with accessible, creative content aligned to the target audience;
• Produce materials such as scripts, presentations, remote and in-person activities, trainings, workshops, videos and interactive events;
• Deliver talks, trainings and workshops on security, privacy and digital ethics;
• Develop content for social media, internal communications and institutional materials;
• Conduct social and engagement activities with partners and clients to reinforce the organization’s purpose;
• Conduct risk assessments (current and potential), identifying impacts to compliance and operations;
• Develop, monitor and validate corrective and preventive action plans;
• Monitor risks using indicators and targets;
• Prepare management and executive reports with status and trend analysis.

Senior Governance and Awareness Analyst

Governance Assistant – Position Exclusive to Candidates with Disabilities

IT Governance Analyst – Mid-level

Strategic Governance Analyst – Junior

Analista de Governança de TI, Pleno

IT Governance Analyst, Senior