Zup Innovation

Senior GRC Security Analyst – Governance, Risk & Compliance

full-time

Location Type: Remote

Location: Brazil

About the role

  • Lead the annual Business Continuity Management (BCM/BCP) process, including scope review, validation of plan adherence, coordination of Business Impact Analysis (BIA), simulation exercises (tabletops) and follow-up update actions;
  • Translate technical data into business indicators, calculating and promoting metrics such as QRE and ROSI, and build dashboards and executive presentations to support initiative prioritization and budget decisions;
  • Conduct governance, risk and compliance assessments for projects and services, including cloud environments, applications and vendors;
  • Define, review and operationalize security policies, standards and controls, aligned with frameworks such as ISO 27001, NIST, SOC and PCI;
  • Coordinate internal and external audits, engage stakeholders and track remediation actions through to completion;
  • Manage supplier-related risks and contractual security requirements;
  • Translate technical and organizational risks into clear recommendations and priorities for the business;
  • Operate and optimize GRC tools and security platforms, and support tuning of SIEM use cases and incident response playbooks;
  • Automate controls and processes using scripts or CI pipelines, proposing continuous improvements;
  • Act as a technical reference within the team, mentoring colleagues and promoting security best practices.

Requirements

  • Hands-on experience in Information Security with a focus on GRC, audit or compliance;
  • Experience in Business Continuity Management (BCP/DRP), including conducting BIA and coordinating continuity exercises;
  • Proven ability to quantify risks and evaluate security return on investment (QRE/ROSI), translating results into business language through dashboards and executive presentations;
  • Practical experience in risk assessment, control definition and audit coordination;
  • Familiarity with GRC platforms (such as OneTrust or ServiceNow) and SIEM tools, either in implementation or in operating detection and response use cases;
  • Experience with cloud environments (AWS, Azure or GCP) in the context of risk analysis and governance;
  • Experience with scripting for automation (Python, Bash, PowerShell) or with infrastructure-as-code / CI applied to security controls;
  • Intermediate to advanced English for communication with vendors and reading documentation;
  • Strong communication and negotiation skills and the ability to engage with technical and business stakeholders.

Benefits

  • Work remotely from anywhere
  • Flexible hours
  • Education allowance
  • Proprietary career development platform
  • Internal guilds and study/interest groups
  • Health insurance
  • Dental plan
  • Discounted medication purchasing partnership
  • 24/7 telemedicine
  • Free online therapy
  • Wellhub
  • Extended maternity leave
  • Extended paternity leave
  • CAZ – Zuppers Support Center
  • Meal and food allowance
  • Life insurance
  • Transportation allowance
  • Home office allowance
  • Daycare assistance
  • Phone plan subsidy
  • Profit-sharing (PLR)

Applicant Tracking System Keywords

Tip: use these terms in your resume and cover letter to boost ATS matches.

Hard Skills & Tools

  • Information Security
  • Business Continuity Management
  • Business Impact Analysis
  • Governance, Risk and Compliance
  • Risk Assessment
  • Control Definition
  • Scripting
  • Infrastructure-as-Code
  • Cloud Environments
  • Security Metrics

Soft Skills

  • Communication
  • Negotiation
  • Mentoring
  • Stakeholder Engagement
  • Technical Reference

Certifications

  • ISO 27001
  • NIST
  • SOC
  • PCI