ICT Risk Professional – Consultant
TIM Brasil
full-time
Posted on:
Location Type: Hybrid
Location: Rio de Janeiro • 🇧🇷 Brazil
Visit company websiteJob Level
Mid-LevelSenior
Tech Stack
Cloud
About the role
- Perform analysis of corporate projects, identifying technical and procedural weaknesses related to Information Security and Data Protection;
- Conduct risk assessments on technology assets (systems, networks, security devices, websites and applications) in On-Premises and Cloud Computing environments (IaaS, PaaS, SaaS);
- Work together with IT and Business areas to oversee the implementation of action plans and mitigating controls resulting from risk analyses and project reviews;
- Monitor and report on the progress of action plans related to vulnerabilities and non-conformities, ensuring mitigation within defined deadlines;
- Support the analysis of strategic projects, ensuring compliance with legal, regulatory and corporate security requirements;
- Assess risks and internal controls (technological and procedural), aligning them with good governance practices and industry frameworks;
- Conduct vendor assessments as part of RFP/RFQ/RFI processes, analyzing technology and business risks associated with the procurement of solutions and services;
- Evaluate and approve requests related to Site-to-Site VPNs, ensuring secure integration with external vendors;
- Support the review and update of policies, standards, processes and internal controls related to Information Security, IT Governance and secure development practices;
- Perform triage and routing of requests from the demand management system, ensuring correct prioritization and allocation of tasks.
Requirements
- Proven experience in Risk Management, Project Analysis and Information Security;
- Knowledge of reference frameworks and standards such as ISO/IEC 27001, ISO/IEC 27005, NIST CSF, COBIT and ITIL;
- Experience with Cloud Security (IaaS, PaaS, SaaS) and risk analysis in hybrid environments;
- Knowledge of IT vendor assessment and Third Party Risk Management (TPRM) processes;
- Experience in vulnerability analysis and tracking mitigation plans;
- Knowledge of managing information security policies, standards and controls;
- University degree required, preferably in Information Technology, Information Security, Computer Engineering or related fields.
Benefits
- Flexible Benefits Program
- Medical and Dental Coverage *
- Medication Benefit *
- Wellhub (formerly Gympass) *
- Food and/or Meal Allowance
- Financial Wellness Program
- Private Pension Plan
- Company mobile phone with unlimited data and voice allowance
- Discounts and partnerships with over 3,000 companies and institutions, including discounts on your electricity bill and broadband internet
- Online English course extendable to one family member or friend
- Internal Training and Development Program
- Profit Sharing
- "My First Benefit" - Support for children up to 2 years old
- Daycare Reimbursement (for parents)
- Flexible work models and schedules
- Happy Day - Day off during your birthday month
- Extended leave for maternity, paternity, marriage and adoption
- Transportation Voucher
- And more!
Applicant Tracking System Keywords
Tip: use these terms in your resume and cover letter to boost ATS matches.
Hard skills
Risk ManagementProject AnalysisInformation SecurityCloud SecurityVulnerability AnalysisThird Party Risk ManagementIT GovernanceSite-to-Site VPNData ProtectionCompliance Assessment
Soft skills
Analytical SkillsCollaborationCommunicationProblem SolvingPrioritizationOrganizational SkillsAttention to DetailReportingMonitoringLeadership
Certifications
ISO/IEC 27001ISO/IEC 27005NIST CSFCOBITITIL