Information Security Manager

Description

Job Summary: We are seeking a Mid-level Information Security professional to structure and enhance our cybersecurity posture, with strategic involvement and hands-on collaboration alongside technical teams. Key Highlights: 1. Strategic participation in defining cybersecurity guidelines. 2. Support in LGPD compliance and interpretation of pentest reports. 3. Collaboration in DevSecOps and implementation of security policies. We are expanding and looking for a Mid-level Information Security professional to support the structuring and evolution of cybersecurity at Arista Digital. This role will involve strategic participation in guideline definition, as well as practical engagement with technical and management teams, ensuring our environments become increasingly secure and resilient. **Responsibilities** * Implement and maintain information security policies, processes, and controls. * Support LGPD compliance initiatives (data subject rights, data breaches, responsibilities). * Respond to customer and supplier security assessments. * Interpret pentest reports and support vulnerability remediation. * Collaborate with development teams on DevSecOps practices. * Recommend security best practices regarding tokens, encryption, anonymization, and environment segmentation. * Develop security architecture documentation (applications, data, networks, logs). * Conduct security and privacy awareness training. * Establish security log auditing and monitoring processes. * Lead incident response alongside technical teams and support business continuity planning. **Requirements** * Proven experience in Information Security or Cybersecurity (mid/senior level). * Knowledge of frameworks such as ISO 27001, NIST, OWASP. * Experience with cloud security (AWS, GCP, or Azure). * Familiarity with DevSecOps, secure CI/CD, and vulnerability management. * Strong communication skills for interaction across diverse areas (end users, technical staff, and managers). **Preferred Qualifications** * Certifications such as ISO 27001, LGPD, CISSP, CISM, CompTIA Security\+. * Experience with SIEM, IAM, and monitoring tools. * Experience in incident response and business continuity.