**We are looking for someone who dares to take the lead with us.** **Responsibilities and duties:** The focus is on independent validation of controls, risk monitoring, and support for governance, aligned with the second line of defense. * Conduct independent assessments of cyber controls, validating understanding and information provided by the first line of defense. * Act as the second line of defense, performing supervision, governance, and reporting of cyber risks. * Conduct security risk assessment and validation, ensuring compliance with policies, internal standards, and regulatory requirements. * Support the definition, review, and monitoring of the Information and Cybersecurity Framework (policies, standards, controls). * Monitor cyber controls implemented by the first line of defense and identify gaps, deviations, and remediation actions. * Develop and maintain cyber risk indicators, dashboards, KRIs, and KPIs. * Participate in corporate risk management processes, conducting qualitative and quantitative analyses of threats, vulnerabilities, and impacts. * Participate in third-party risk assessments (TPRM) and risk analyses for new projects, products, and integrations. * Conduct incident analyses from a risk perspective and ensure proper recording, classification, and lessons learned. * Support compliance processes related to LGPD, privacy controls, and data governance. * Support the preparation of executive reports for committees, senior management, and audit/risk departments. **Requirements and qualifications:** \*\*\*\*\*Mandatory technical knowledge: * Intermediate technical English * Completed or ongoing undergraduate degree in IT or related fields * Solid foundations in Information Security, cyber risks, and key frameworks (NIST CSF, ISO 27001, CIS). * Experience in risk management, including cyber risk assessment, classification, and treatment. * Knowledge of security controls (IAM, MFA, antivirus/EDR, patch management, hardening, logging, backup, network segmentation). * Experience with Information Security policies, standards, and processes. * Understanding of security architecture and infrastructure (AD, networks, cloud, endpoints). * Knowledge of LGPD principles and privacy best practices. * Ability to interpret technical reports (vulnerabilities, SOC, incidents) and translate them into risk terms. * Familiarity with third-party risks (TPRM) * Knowledge of business continuity and BC/DR **Desirable:** \*\*\*\*\*Desirable technical knowledge: * Prior experience with the second line of defense or Information Security governance functions. * Certifications such as ISO 27001 Lead Implementer/Lead Auditor, Security+, Cyber Security Foundation, LGPD Foundation. * Knowledge of financial/insurance sector regulations (SUSEP, BACEN, CVM, etc.). * Experience with cloud security (Azure). * Understanding of incident response and root cause analysis. * GRC office tools: Advanced Excel (for KRI dashboards), Power BI or similar for visual reporting. * Knowledge of AI in cybersecurity **Additional information:** * For your health, we offer **medical and dental assistance** with no co-payment for exams and consultations. * Want more well-being? We offer **Gympass** and **Zenklub** (with two free sessions per month) to help you care for your physical and mental health. * When hunger strikes, use our meal benefit **Caju** to shop at any supermarket or restaurant. * Love to travel? Here we have **Férias & Co**, a benefit that helps make your dream trip a reality. * Have children? Count on our **childcare allowance**. * Growing family? We offer **MomCare**, a flexible monetary incentive post-maternity leave for new Datunian mothers. * To personalize your workspace, count on our **home office allowance**. * Want to invest in your professional development? We partner with several renowned educational institutions to offer you discounts of up to 70% on **undergraduate**, **postgraduate**, **MBA**, **language**, and many other courses! **To learn about all our benefits, visit the homepage of our careers page.**