Information Security Coordinator – GRC and Access Management

Indeed
Full-time
Onsite
No experience limit
No degree limit
Brazil

Description

Job Summary: The GRC Coordinator will be responsible for coordinating Information Security Governance, Risk, and Compliance initiatives for Emana Pay.

Key Highlights:

1. Lead the SI GRC strategy and ensure regulatory compliance.
2. Manage risk assessments, audits, and information security awareness.
3. Serve as the central point of reference for GRC in Information Security.

**OUR PEOPLE, TOGETHER, LEAD WITH CONSCIOUSNESS.**

At Natura, we have the potential to drive meaningful transformations. This is made possible through the innovative products of Natura and Avon; the memorable experiences of Bluma's beauty services and our financial education platform, Emana Pay. Brands and services that are relevant to those who use them and recognized for our commitment to leading regenerative businesses.

**Role Type**

Permanent

**What will you be doing here?**

The GRC Coordinator will be responsible for coordinating Information Security Governance, Risk, and Compliance initiatives in collaboration with internal and external teams at Emana Pay. Key responsibilities include developing and maintaining security policies and procedures, managing and assessing risks and controls, monitoring regulatory compliance, managing audits, evaluating third-party vendors, running awareness campaigns, and managing access. This professional will serve as the central point of reference for GRC in Information Security, monitoring and reporting potential vulnerabilities and non-conformities, and recommending corrective actions.

**What knowledge and experiences will you need to bring to share with our network?**

As coordinator of the GRC team, this person will lead the following responsibilities:

* Coordinate the development and implementation of the SI GRC strategy, aligning it with business objectives and applicable regulations.
* Develop and maintain operational and administrative procedures related to Information Security, as well as update SI policies, standards, and procedures.
* Conduct periodic risk assessments, identifying and reporting vulnerabilities and threats to company assets.
* Support teams in evaluating relevant third parties, as well as in monitoring controls and KPIs.
* Supervise and ensure compliance with security regulations such as LGPD, GDPR, SOX, PCI-DSS, among others.
* Coordinate internal and external audits, ensuring adequate preparation and response to all compliance requirements.
* Raise user awareness regarding Information Security aspects for Pay.
* Manage and report risk and compliance metrics to executive leaders and relevant departments.
* Structure access management, identity management, and Segregation of Duties (SoD) for Pay.
* Execute financial management of programs and/or projects under the SI area’s responsibility.
* Implement and maintain governance, risk, and compliance frameworks such as ISO 27001, NIST, BACEN 4893, and PCI.
* Ensure continuous training and awareness on risks and compliance among employees and stakeholders.
* Define goals and performance indicators to monitor progress in Information Security controls.
* Partner with the Compliance and Risk areas in implemented processes, from design through to eventual SI controls for risk mitigation.
* Lead, together with Security Operations (SecOps), Information Security incident processes and reporting.

**Technical Requirements (Hard skills):**

* **Education:** Bachelor’s degree in IT-related fields, Law, Business Administration, or equivalent. Specialization (postgraduate or MBA) in Governance, Risk, or Information Security.
* **Desirable Certifications:** CISM, CISA, CRISC, ISO 27001 Lead Implementer, COBIT, ITIL.
* **Prior Experience:** Experience in Governance, Risk, Compliance, and Information Security, including leadership or coordination roles.
* **Technical Knowledge:**
  + Advanced knowledge of GRC frameworks (ISO 27001, NIST, COBIT, ITIL).
  + Experience with regulatory standards (LGPD, GDPR, PCI-DSS, BACEN 4893).
* **Differentiator:** Experience in the financial sector or fintechs, and solid knowledge of Cybersecurity Operations or Information Security Engineering.

**Behavioral Competencies (Soft skills):**

* **Leadership:** Ability to lead multidisciplinary teams, inspiring and guiding team members to achieve objectives.
* **Communication:** Excellent verbal and written communication skills to interact across diverse areas, from technical teams to senior leadership.
* **Strategic Thinking:** Ability to align GRC processes with SI’s long-term goals, anticipating future challenges.
* **Analytical Skills:** Strong ability to identify, analyze, and propose solutions to complex issues related to risk and compliance.
* **Organization and Prioritization:** Ability to manage multiple tasks and projects simultaneously while staying organized and prioritizing critical activities.
* **Influence Capability:** Ability to convince and influence stakeholders to adopt best GRC practices and implement necessary changes.
* **Proactivity and Decision-Making:** Autonomy to identify gaps and propose timely and effective corrective actions.

**What will you find here?**

We are more than just a workplace: we build and live the Well-Being Ecosystem daily, based on the harmonious relationship between each individual, their surroundings, and the environment they are part of. In addition to offering benefits focused on social, physical, financial, mental, and emotional well-being, we promote an environment of prosperity, belonging, and purpose, strengthening a solid network of support, expanded awareness, and respect for diversity, equity, and inclusion. We are a movement that transforms the way of living and doing business across 14 countries in Latin America, always guided by consciousness.

**Do you know someone at Natura?**

If so, ask for their corporate email and use it to request a recommendation when applying for a position. It’s an excellent opportunity to strengthen your network and advance in our selection process!

**Natura celebrates and embraces diversity in all its forms and pluralities.**

**We encourage #Women, #BlackPeople, #PeopleWithDisabilities, individuals from the #LGBTQIA+ community, #PregnantWomen, and people aged #50+ to apply for this position**

Source: Indeed
João Silva
Indeed · HR

© 2025 Servanan International Pte. Ltd.