
Junior GRC Analyst – Security Governance
RPE
full-time
Location Type: Remote
Location: Brasil
About the role
- Operationalize security awareness campaigns by managing a gamification platform and monitoring employee engagement.
- Manage the evolution of learning paths, ensuring progress across proficiency levels through certifications (e.g., SANS).
- Deliver security training for new hires, ensuring understanding of corporate directives from day one.
- Plan and execute phishing test schedules, analyze results, identify improvement opportunities, and produce effectiveness reports for leadership.
- Create and organize a calendar of security micro-lessons and announcements, ensuring frequency and consistency of messaging.
- Respond to security questionnaires sent by clients, maintain an organized knowledge base, and seek optimization opportunities.
- Coordinate with technical teams to request and organize evidence (screenshots, logs) required to demonstrate controls to clients.
- Draft and review Policies, Procedures (SOPs) and Standards, ensuring alignment with certification requirements (ISO 27001, ISO 27701, ISAE 3402) and the company’s operational reality.
- Map processes using flowcharts, define SLAs, and create execution guides to standardize security activities and facilitate understanding by business areas.
- Coordinate the approval, publication and versioning workflow for normative documents, ensuring the official repository is always auditable and up to date.
- Develop supporting materials such as playbooks and quick reference guides to help internal teams correctly implement GRC directives.
Requirements
- Bachelor's degree completed or in progress in Information Technology, Information Security, Business Administration, Law, or related fields.
- Methodical and organized profile, with the ability to manage multiple requests, deadlines, and document controls simultaneously.
- Strong writing skills for drafting policies and communications, as well as good verbal communication for conducting trainings and internal presentations.
- Prior experience with training gamification tools (e.g., Hacker Rangers) or phishing simulation platforms.
- Prior experience with task or documentation management tools (Jira, Confluence, SharePoint).
- Theoretical knowledge or practical experience with the ISO 27001 standard.
- Familiarity with information security and privacy frameworks (NIST, CIS Controls, ISO 27701).
- Previous experience in technology companies, payment services, or the financial sector is a plus.
Benefits
- Collaborative and innovative work environment.
- Contract type: Contractor (PJ).
- Work model: Remote.
- Direct mentorship from senior specialists in the area, providing accelerated learning.
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard Skills & Tools
security awareness campaigns, gamification platform management, phishing test analysis, policy drafting, process mapping, SOPs, certification requirements, GRC directives, ISO 27001, ISO 27701
Soft Skills
methodical, organized, strong writing skills, verbal communication, ability to manage multiple requests, deadline management, document control, training delivery, internal presentations, identifying improvement opportunities
Certifications
SANS, ISO 27001, ISO 27701, ISAE 3402