
Senior Retail Security Analyst
Riachuelo
full-time
Posted on:
Location Type: Hybrid
Location: São Paulo • Brazil
About the role
- Ensure that information security rules, policies and best practices are applied across all retail products, services and operations, including digital channels, physical stores, back-office operations and partners.
- Act as the Information Security focal point for the Retail Directorate, supporting strategic decisions with a risk perspective, operational impact analysis and business continuity considerations.
- Support the secure design of retail solutions and systems, applying Security by Design and Privacy by Design principles throughout the customer journey.
- Evaluate and advise on architectures related to store systems (point-of-sale / POS, TEF), physical and digital payment methods, omnichannel platforms and channel integrations, and integrations with suppliers, logistics partners and third‑party services.
- Perform risk and security assessments on system integrations, considering threats such as fraud, unavailability, data leakage and operational impacts.
- Implement and conduct Threat Modeling during analysis, planning and solution evolution phases.
- Design and recommend security controls aligned with frameworks such as NIST, ISO 27000, CIS Controls and CSA CCM, considering the specific retail context.
- Support the implementation of Zero Trust concepts and the Principle of Least Privilege in corporate, store and cloud environments.
- Maintain and evolve the library of security controls and requirements, tailored to retail business needs.
- Work collaboratively with Technology, Operations, Stores, Logistics, Payments, Marketing teams and external partners.
Requirements
- Bachelor's degree in Information Security, Computer Science, Computer Engineering, Information Systems or related fields.
- MBA or postgraduate degree in Information Security, Technology or related areas.
- Advanced English.
- Minimum of 6 years' experience in Information Security, with at least 3 years in security architecture and solutions.
- Experience in retail, omnichannel environments or large-scale operations.
- Experience with audits, compliance and regulatory requirements.
- Experience operating in regulated environments (e.g., financial sector / Central Bank).
- Information Security certifications (ISO 27001, ITIL, Security+, vendor-specific security product certifications).
- SDLC and Secure Development practices.
- Threat modeling (STRIDE, MITRE ATT&CK).
- Ability to interpret complex architectures and assess risks in distributed environments (stores + cloud + partners).
- Deep knowledge of: Operating Systems, Networks and Data Structures, Cloud environments (AWS, GCP, Azure, OCI).
- Security controls for: store systems, corporate applications and digital platforms, REST APIs and system integrations, and databases.
- Integration with Identity Providers (SAML, OIDC, SCIM).
- Encryption and protection of sensitive data, especially customer and transaction data.
- Knowledge of programming languages is desirable.
Benefits
- Health insurance
- Dental insurance
- Meal voucher
- Food voucher
- Gympass
- Childcare assistance
- Culture voucher
- Home office allowance
- Profit Sharing (PLR)
- Private pension plan
- Group life insurance
- Educational partnerships
- Discounts at Riachuelo
Applicant Tracking System Keywords
Hard Skills & Tools
Information Security, Security Architecture, Threat Modeling, Risk Assessment, Security Controls, Secure Development, Data Structures, Cloud environments, Encryption, Integration with Identity Providers
Soft Skills
Collaboration, Analytical Thinking, Communication, Operational Impact Analysis, Business Continuity Considerations
Certifications
ISO 27001, ITIL, Security+