Senior Information Security Analyst, Retail
Riachuelo
full-time
Posted on:
Location Type: Hybrid
Location: São Paulo • Brazil
Visit company websiteExplore more
Job Level
Tech Stack
About the role
- Ensure information security rules, policies and best practices are applied across all retail products, services and operations, including digital channels, physical stores, back-office operations and partners.
- Act as the Information Security focal point for the Retail Directorate, supporting strategic decisions with risk perspective, operational impact and business continuity considerations.
- Support secure design of retail solutions and systems, applying Security by Design and Privacy by Design principles across the customer journey.
- Evaluate and provide guidance on architectures related to:
- Systems used in stores (POS, checkout terminals, TEF)
- Physical and digital payment methods
- Omnichannel platforms and channel integrations
- Integrations with suppliers, logistics partners and third-party services
- Perform risk and security assessments on system integrations, considering threats such as fraud, unavailability, data leakage and operational impact.
- Implement and lead Threat Modeling activities during analysis, planning and solution evolution phases.
- Design and recommend security controls aligned with frameworks such as NIST, ISO 27000, CIS Controls and CSA CCM, taking into account the specific retail context.
- Support the implementation of Zero Trust concepts and the Principle of Least Privilege across corporate, store and cloud environments.
- Maintain and evolve the security controls and requirements library tailored to retail business needs.
- Work collaboratively with Technology, Operations, Stores, Logistics, Payments, Marketing teams and external partners.
Requirements
- Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Systems or related fields.
- MBA or postgraduate degree in Information Security, Technology or related areas.
- Advanced English.
- Minimum of 6 years' experience in Information Security, including at least 3 years in security architecture and solutions.
- Experience in retail, omnichannel or large-scale operations.
- Experience with audits, compliance and regulatory requirements.
- Experience working in regulated environments (e.g., financial sector / Central Bank of Brazil - Bacen).
- Information Security certifications (e.g., ISO 27001, ITIL, Security+, vendor/product security certifications).
- SDLC and Secure Development practices.
- Threat modeling (STRIDE, MITRE ATT&CK).
- Ability to interpret complex architectures and assess risks in distributed environments (stores + cloud + partners).
- Deep knowledge of: Operating Systems, Networking and Data Structures, Cloud environments (AWS, GCP, Azure, OCI).
- Security controls for: store systems, corporate applications and digital platforms, REST APIs and system and database integrations.
- Integration with Identity Providers (SAML, OIDC, SCIM).
- Cryptography and protection of sensitive data, especially customer and transaction data.
- Programming language knowledge is a plus.
Benefits
- Medical insurance
- Dental insurance
- Meal allowance
- Food allowance
- Gympass
- Childcare assistance
- Culture voucher
- Home office allowance
- Profit-sharing (PLR)
- Private pension
- Group life insurance
- Educational partnerships
- Discounts at Riachuelo
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
Information SecuritySecurity ArchitectureThreat ModelingRisk AssessmentSecurity by DesignPrivacy by DesignSDLCSecure DevelopmentCryptographyData Structures
Soft skills
CollaborationStrategic Decision MakingRisk PerspectiveOperational Impact AnalysisBusiness Continuity Planning
Certifications
ISO 27001ITILSecurity+Vendor/Product Security Certifications