Riachuelo

Mid-level Information Security Analyst, BISO Back Office – Legal, HR, Marketing and Corporate Areas

full-time

Posted on:

Location Type: Hybrid

Location: São Paulo, Brazil

About the role

  • Ensure that information security rules, policies and best practices are applied to systems, processes and vendors in back-office areas such as Legal, HR, Marketing and corporate functions.
  • Serve as the Information Security focal point for leaders in these areas, supporting decisions focused on risk, compliance, privacy and reputation.
  • Support secure design of corporate solutions by applying Security by Design and Privacy by Design principles from conception.
  • Evaluate and advise on architectures and solutions related to HR systems (HCM, payroll, benefits, recruitment), legal systems, contract and document management, marketing platforms, CRM, campaign automation and customer data, corporate SaaS tools and integrations with third parties.
  • Perform risk and security assessments for new system and vendor engagements, considering data protection, access controls, integrations and third-party dependencies.
  • Implement and conduct Threat Modeling, when applicable, for corporate solutions and sensitive integrations.
  • Design and recommend security controls aligned with frameworks such as NIST, ISO 27000, CIS Controls and CSA CCM, tailoring them to the context of corporate areas.
  • Support implementation of Zero Trust concepts and the Principle of Least Privilege in corporate and SaaS environments.
  • Maintain and evolve the library of security controls and requirements, focusing on corporate applications and third parties.
  • Work in partnership with Legal, Privacy, HR, Marketing, Procurement and strategic vendors.

Requirements

  • Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Systems or related fields.
  • MBA or postgraduate degree in Information Security, Governance, Risk Management or related areas.
  • Minimum of 6 years of experience in Information Security, with at least 3 years in architecture, risk or security solutions.
  • Experience in corporate and back-office environments, with strong exposure to SaaS systems and third-party/vendor management.
  • Experience with audits, compliance, LGPD and regulatory requirements.
  • Experience in regulated environments (e.g., financial services, retail or service sectors).
  • Certifications in Information Security (ISO 27001, ITIL, Security+, or security product certifications).
  • Advanced English.
  • Knowledge of SDLC and Secure Development practices.
  • Threat modeling (STRIDE, MITRE ATT&CK) for corporate environments.
  • Ability to interpret architectures and assess risks in SaaS solutions and third-party integrations.
  • Knowledge of Operating Systems, Networking and cloud fundamentals.
  • Cloud environments (AWS, GCP, Azure, OCI).

Benefits

  • Health insurance;
  • Dental insurance;
  • Meal voucher (Vale Refeição);
  • Grocery voucher (Vale Alimentação);
  • Gympass;
  • Childcare assistance;
  • Cultural voucher (Vale Cultura);
  • Home office allowance;
  • Profit sharing (PLR - Participation in Profits and Results);
  • Private pension plan;
  • Group life insurance;
  • Educational partnerships;
  • Discounts at Riachuelo.

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard skills

Information Security, Risk Management, Security by Design, Privacy by Design, Threat Modeling, Security Controls, Zero Trust, SaaS, SDLC, Secure Development

Soft skills

Interpersonal Communication, Leadership, Organizational Skills, Collaboration

Certifications

ISO 27001, ITIL, Security+