Senior Information Security Analyst
Negotiable Salary
Indeed
Full-time
Onsite
No experience limit
No degree limit
Description

Education:
* Bachelor's degree in IT or a related field required;
* Master's degree in IT Governance or certifications such as Lead Auditor preferred;
* Proficiency in ISO 27K, LGPD, and BACEN regulations (focus on security);
* Familiarity with SOX, PCI/DSS, COBIT, ITIL, Scrum/Agile.

Experience:
* Experience conducting audits against ISO 27K, SOC 2, LGPD/GDPR;
* Control matrix, test design, sampling, evidence collection, and action plans;
* Continuous Compliance / GRC: hands-on experience with processes (definition and dissemination) and organizing workflows, goals and scores, acceptance criteria, and implementation in control tools;
* Automation & Data: ability to create checkers/routines (e.g., Python/SQL or no/low-code), API queries, spreadsheets/dashboards (Looker Studio), and evidence versioning;
* Process acceleration supported by AI, generating a knowledge base for audit responses;
* Typical integrations: IAM/SSO, MDM/EDR, Cloud (AWS/Oracle), Jira/Confluence, repositories (Git), DLP, SIEM;
* Excellent writing skills for customer security questionnaires (due diligence).

Tools:
* Reporting and charting tools;
* Generative AI, agents, automations.

Responsibilities:
* Internal audit program: planning, defining scope and criteria; executing control tests; documenting findings, severity levels, and tracking action plans (owner & due date);
* External audit support (customers, certification bodies, partners): managing question backlogs, automated evidence collection, providing technical and business responses, cross-departmental orchestration, and deadline control;
* Compliance automation: mapping controls and connecting data sources (e.g., IAM, MDM/EDR, Cloud, Jira/Confluence, repositories), creating checkers/scripts and dashboards for evidence status;
* Evidence management: versioning, validity/expiry dates, audit trails, catalogs and templates; maintaining the control matrix and traceability matrix (requirements-controls-evidence);
* Standardization: creating playbooks and templates (customer RFI/RFPs, standard responses, mandatory attachments, executive reports);
* Risk & Compliance: consolidating findings into the risk register, prioritizing mitigation actions, tracking closure SLAs, and reporting to governance (Security Committee);
* Training & Awareness: quick guides for control owners, training on evidence collection and best practices for responses;
* LGPD integration: supporting mandatory reporting, consent management, data subject requests, and third-party management (due diligence, contractual clauses);
* Metrics & Continuous Improvement: monitoring KPIs (below), conducting post-audit retrospectives, and implementing improvements.

Source: Indeed
João Silva
Indeed · HR