Porto a Porto

Senior Information Security Governance Analyst – GRC

full-time

Location Type: Hybrid

Location: São Paulo, Brazil

About the role

  • Manage information security (SI) risks and non-compliance;
  • Review and monitor risk action plans established by the lines of defense;
  • Manage audit findings (internal and external) and information security cyber risks, discussing action plans to remediate risks at their root cause;
  • Assess regulatory risks related to information security;
  • Integrate topics addressed in information security (SI) risk management with the Information Security domains;
  • Facilitate the Information Security Risk committee to support decision-making and optimize risk treatment by information security management;
  • Define, track progress, and provide visibility of KRIs (Key Risk Indicators);
  • Monitor and perform control tests on risk causes through periodic checks, flagging process deviations that may affect the current risk level and notifying stakeholders to implement action plans;
  • Drive continuous improvement of processes involving information security risks;
  • Provide visibility of information security risks identified in business verticals and coordinate the necessary alignments so these risks are recorded by the second line of defense;
  • Prepare executive reports and presentations for management, translating risk results into business language;
  • Act as the focal point for process-related inquiries.

Requirements

  • Bachelor's degree in Technology, IT Governance, Information Security, Cyber Risk, or IT Audit;
  • Knowledge and experience in information security, IT, cyber, cloud security, software development, vulnerability management and cyber threats, risk assessment, and systems auditing;
  • Ability to identify, assess, and quantify potential risks;
  • Knowledge of the requirements and impacts of SUSEP Circular No. 638/2021 and BACEN Resolution No. 4,893/2020;
  • Knowledge of other relevant laws, such as LGPD, GDPR, and cybersecurity in general;
  • Knowledge and experience applying major industry frameworks: ISF (Information Security Forum), NIST, CSA, PCI, ISO 27000 family, CIS, COBIT;
  • Experience in interactions with regulatory bodies;
  • Knowledge and/or experience implementing and using GRC tools;
  • Ability to work independently and as part of a team;
  • Strong communication skills;
  • Ability to manage security risks that may be introduced into the environment and to stay current with the evolving threat landscape;
  • Improve information security controls, seeking automated solutions to streamline processes;
  • Focus on continuous learning and collaboration between the technical and business teams involved in information security risk management.

Benefits

  • Flexible meal and food allowances;
  • Health plan;
  • Dental plan;
  • Wellhub and TotalPass;
  • Bio Ritmo gym exclusive for employees: at the Headquarters complex;
  • Profit sharing (PLR);
  • Share program: "Porto em Ação" — complementary to PLR until 2025;
  • Sand and multi-sport courts: at the Headquarters complex;
  • Transportation voucher;
  • Shuttle van services available from the main access stations to Porto (Luz, Barra Funda, Santa Cecília, and Júlio Prestes);
  • Extended parental leave: up to 40 days for all family configurations;
  • Extended maternity leave of 6 months;
  • Medical outpatient clinic with specialties: at Headquarters and Barra Funda;
  • Childcare or nanny allowance;
  • Life insurance;
  • Private pension plan — PortoPrev;
  • Discounts on products and services;
  • Education scholarship: reimbursement for undergraduate, postgraduate, or MBA courses;
  • Monthly race subsidies for major road races in São Paulo;
  • Language course reimbursement (English or Spanish);
  • Porto Theater: exclusive sessions for employees;
  • Library;
  • Rest room: at the Headquarters complex;
  • Game room: at the Headquarters complex;
  • Massage and podiatry services: at the Headquarters complex;
  • Work location: On-site (we operate hybrid models, which will be discussed during the recruitment process);

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools
  • information security
  • cyber risk
  • risk assessment
  • vulnerability management
  • systems auditing
  • cloud security
  • software development
  • risk management
  • control testing
  • continuous improvement

Soft Skills
  • strong communication
  • independent work
  • team collaboration
  • decision-making
  • process improvement
  • stakeholder engagement
  • problem-solving
  • reporting
  • presentation skills
  • adaptability

Certifications
  • Bachelor's degree in Technology
  • Bachelor's degree in IT Governance
  • Bachelor's degree in Information Security
  • Bachelor's degree in Cyber Risk
  • Bachelor's degree in IT Audit