Senior Information Security Analyst

Description

Job Summary: Senior Information Security Analyst with a focus on Blue Team and Governance, Risk, and Compliance (GRC) to operate and mature security processes, monitoring, incident response, and risk management. Key Highlights: 1. Integrated collaboration with technical and governance teams. 2. Focus on cyber risk reduction and regulatory compliance. 3. Contribution to information security culture and awareness. We are seeking a **Senior Information Security Analyst** with strong technical expertise and a **Blue Team** and **Governance, Risk, and Compliance (GRC)** mindset to support both security operations and the maturity of the organization’s information security processes. This professional will work collaboratively with technical and governance teams, supporting activities related to **security monitoring, incident response, risk management, compliance, and security controls**, thereby contributing to cyber risk reduction and adherence to regulatory and statutory requirements. **Responsibilities and Duties** * Monitor and analyze security events from tools such as **SIEM, EDR, XDR, and corporate antivirus** * Conduct **security incident analysis and response**, including investigation, containment, and lessons learned * Support the operation and review of **technical and administrative security controls** * Conduct and support **vulnerability assessments** and track remediation plans * Support **information security risk management** processes, including risk identification, assessment, and treatment * Contribute to **GRC-related activities**, such as: * Supporting maintenance of information security policies, standards, and procedures * Assisting internal and external audits by providing technical evidence * Tracking action plans and non-conformities * Supporting initiatives related to **compliance with standards and frameworks** (ISO 27001, NIST, LGPD, CIS Controls) * Supporting **Identity and Access Management (IAM)** processes and periodic privilege reviews * Preparing technical reports, security metrics, and process documentation * Promoting **information security culture and awareness** **Requirements and Qualifications** * Prior experience as an Information Security Analyst or in a similar role; * Knowledge of: Fundamentals of **Cyber Security, networks, and operating systems (Windows and Linux);** * **Security log and event analysis;** * **SIEM, EDR/XDR tools;** * Vulnerabilities, CVEs, and system hardening; * Concepts of **Risk Management, Compliance, and Security Controls;** * Basic or intermediate knowledge of **standards and frameworks**, such as ISO 27001, NIST, LGPD; * Certifications are a plus. BAUMINAS Group comprises four companies operating integrally within the Environmental Sanitation industry: BAUMINAS Águas, BAUMINAS Mineração, BAUMINAS Log, and BAUMINAS Hidroazul. The BAUMINAS Group’s DNA balances traditional values with a constant drive for innovation. This has been true since the founding of the Group’s first company in 1961, through national expansion enabled by its 14 manufacturing units, 3 mining operations, and 2 administrative offices. Today, the Group’s companies operate for the benefit of the Brazilian population’s well\-being, contributing to the supply of treated water. In 2021, we celebrated 60 years of operation in absolutely essential sectors, remaining committed to positively transforming our society. We are diverse, synergistic, entrepreneurial—and determined to evolve, always.