




We are seeking a Senior Information Security Analyst with both strategic and operational expertise, responsible for designing, enhancing, and maintaining the Information Security Management System (ISMS), ensuring regulatory compliance, maturity in governance, risk management, and controls, as well as linking technical risks to business decisions—with a focus on continuous improvement and real-world impact: security without bureaucracy.

**Responsibilities and Duties**

* Develop, review, and maintain information security policies, standards, internal controls, manuals, and procedures.
* Support the design, implementation, and evolution of the ISMS based on ISO 27001.
* Ensure compliance with regulations, security standards, and frameworks.
* Continuously assess threats and vulnerabilities, supporting the Information Security roadmap.
* Coordinate security incident investigations and responses.
* Deliver training and awareness initiatives on Information Security across internal departments.
* Review, monitor, and provide visibility into action plans related to information security risks.
* Assess regulatory and operational risks related to Information Security.
* Integrate information security risk management into organizational maturity domains.
* Lead and promote the Information Security Risk Committee to support decision-making.
* Define, track, and report KRIs (Key Risk Indicators).
* Drive continuous improvement of Information Security risk and control processes.
* Support the implementation and evolution of the GRC (Governance, Risk, and Compliance) initiative.
* Conduct internal and external Information Security audits.
* Develop and keep up-to-date processes, operational workflows, and tools for assessing security and privacy risks.
* Critically evaluate IT and security services from an LGPD perspective.
* Actively participate in Security and Privacy Committees, influencing strategic decisions.

**Requirements and Qualifications**

* Bachelor’s degree in Information Security, Computer Engineering, Information Systems, Systems Analysis, or related fields.
* Proven experience in developing and implementing information security policies, standards, and procedures.
* Solid experience in Risk Management.
* Knowledge of NIST CSF and CIS Controls.
* Experience working in regulated environments and security governance.

**Additional Information**

**Salary:** To be negotiated

**Benefits:** Transportation Allowance (VT), Meal Voucher (VR), WellHub, and SESC Membership

**Working Hours:** Monday to Friday, from 09:00 to 18:00

**Work Model:** On-site – East Zone/São Paulo


