Risk

• Perform analysis of corporate projects, identifying technical and procedural weaknesses related to Information Security and Data Protection;
• Conduct risk assessments on technology assets (systems, networks, security devices, websites and applications) in On-Premises and Cloud Computing environments (IaaS, PaaS, SaaS);
• Work together with IT and Business areas to oversee the implementation of action plans and mitigating controls resulting from risk analyses and project reviews;
• Monitor and report on the progress of action plans related to vulnerabilities and non-conformities, ensuring mitigation within defined deadlines;
• Support the analysis of strategic projects, ensuring compliance with legal, regulatory and corporate security requirements;
• Assess risks and internal controls (technological and procedural), aligning them with good governance practices and industry frameworks;
• Conduct vendor assessments as part of RFP/RFQ/RFI processes, analyzing technology and business risks associated with the procurement of solutions and services;
• Evaluate and approve requests related to Site-to-Site VPNs, ensuring secure integration with external vendors;
• Support the review and update of policies, standards, processes and internal controls related to Information Security, IT Governance and secure development practices;
• Perform triage and routing of requests from the demand management system, ensuring correct prioritization and allocation of tasks.

ICT Risk Professional – Consultant

Analista de Governança de IA