




Description: Ensure compliance maintenance and health, guaranteeing that processes, technologies, and people comply with all applicable security, privacy, legislation, and regulatory requirements in the Cloud domain.

Responsibilities and Duties

* Manage risks related to the Management System (MS) using a methodology based on industry best practices;
* Execute control and monitoring of registered risk treatments, following the internally defined methodology and market standards;
* Prepare reports and presentations adhering to best practices, internal methodologies, and templates;
* Conduct and measure periodic Security and Privacy awareness activities in Cloud through trainings, informational materials, and interactive sessions with employees and/or via the internally defined method;
* Develop and maintain up-to-date compliance documentation (including MS maintenance), following market best practices, internal methodologies, and templates;
* Implement adherence to standards, legislation, and regulations by performing periodic analyses and measurements based on market best practices, including recording and monitoring findings and their resolutions;
* Conduct internal and external audits, coordinating and facilitating interviews between auditors and internal departments, and responding to questions regarding MS requirements;
* Support Cloud customer audits focused on information security and privacy, providing guidance and evidence per internal processes;
* Address customer inquiries and questionnaires regarding Cloud security and privacy, handling requests and tickets via official support and communication channels;
* Execute compliance alignment activities for processes and environments (new or existing) by engaging, guiding, and directing Cloud teams;
* Provide consultative support to projects from other areas that may impact any security and/or privacy controls, conducting analyses based on market best practices;
* Handle departmental requests using service and activity management tools;
* Review contracts and proposals, assessing the applicability of security and privacy clauses;
* Document how controls and requirements conform to applicable standards;
* Assess contractual clauses involving the Cloud area related to Information Security and Privacy, as well as draft terms and other necessary documentation.

Requirements and Qualifications

* General Data Protection Law (LGPD);
* General Data Protection Regulation (GDPR) – Basic knowledge;
* Cybersecurity;
* ISO 27001;
* ISO 27701;
* SOC 1;
* Information Security and/or Privacy Audits;
* CIS Controls;
* Cloud Security Alliance;
* Cloud Services;
* BACEN Regulation.


