Senior Cybersecurity Auditor

Description

Job Summary: Conduct internal audits to assess the effectiveness of risk management, control, and governance processes, ensuring compliance with the annual audit plan and maintaining high-quality audit activities. Key Highlights: 1. Independent and systematic assessment of risks and governance. 2. Preparation of technical and executive reports for stakeholders. 3. Development and monitoring of risk indicators. The Internal Audit function is responsible for supporting the achievement of corporate objectives by independently, systematically, and objectively evaluating the effectiveness of risk management, control, and governance processes. At a minimum, the following must be assessed: * Effectiveness of the internal control system, risk management framework, and corporate governance; * Integrity of management information; * Compliance with subordinate regulations, recommendations from regulatory bodies, and the company’s ethics and conduct policy; * Safeguarding of assets and activities related to the institution’s finance function. **Responsibilities and Duties** * Ensure timely execution of assigned annual audit plan activities according to complexity; * Support development of work schedules for assigned tasks; assist junior team members in executing their activities and tasks; * Align audit scope and define testing procedures with the team to achieve optimal results; * Conduct audit tests through interviews, process mapping, document collection and analysis, and database review to evaluate the effectiveness of the internal control environment; * Ensure timely completion of assigned audit tests during audit engagements; * Prepare technical and executive reports (including methodology used, executive summary, and detailed findings); * Conduct technical and executive meetings to present results to stakeholders using objective, clear, and concise communication; * Monitor and validate action plans and respective deadlines to address risks identified by Internal Audit, according to complexity; * Maintain quality in all activities and ensure adherence to internal audit methodology and standards (objectivity, integrity, confidentiality, and professional diligence); * Develop and monitor risk indicators, as well as interact with audited teams to collect action plans; * Take ownership and assume responsibility across multiple topics both within and outside Internal Audit. **Requirements and Qualifications** * Bachelor’s degree in Technology-related fields; * Master’s degree preferred; * Experience in internal auditing of technology and information security; * Proficiency in international internal audit standards; * Proficiency in process, system, and control mapping for risk identification; * Proficiency in technology and information security practices, processes, and controls; * Expertise in IT governance frameworks (COBIT, ITIL), and best practices in technology and cybersecurity (ISO 27001/2, NIST, CIS CONTROLS, PCI DSS, LGPD, Cloud Standards, etc.), as well as business processes (COSO); * Knowledge of data analytics tools (Power BI, SAS, Tableau, among others). **Preferred Qualifications** * Certifications in Technology and Information Security; * Knowledge of web, mobile, infrastructure, and endpoint penetration testing methodologies and techniques; * Knowledge of computer network infrastructure, information security solutions (DLP, CASB, SIEM, etc.), and system development (OWASP, SDL, etc.); * Familiarity with vulnerability assessment and penetration testing tools such as Nessus, Qualys, Kali Linux, Acunetix, Nexpose, Sqlmap, BurpSuite, etc.; * Knowledge of the company’s main products and key regulatory requirements. **Additional Information** **BENEFITS** **Flexible Meal and Food Allowance;** **Health Insurance Plan;** **Dental Insurance Plan;** **Wellhub and TotalPass;** **Exclusive Bio Ritmo Gym for Employees:** located at the Head Office Complex; **Profit Sharing Program (PLR);** **Stock Ownership Program: Porto em Ação:** complementary to PLR; **Sand and Multipurpose Sports Courts:** located at the Head Office Complex; **Transportation Allowance;** **Van Transportation Services;** available at major access stations to Porto (Luz, Barra Funda, Santa Cecília, and Júlio Prestes); **Extended Parental Leave:** up to 40 days for all family configurations; **Extended Maternity Leave:** six months; **Medical Clinic with Specialties:** located at the Head Office Complex and Barra Funda; **Childcare or Babysitter Assistance;** **Life Insurance;** **Private Pension Plan – PortoPrev;** **Discounts on Products and Services;** **Tuition Reimbursement Program:** for undergraduate, graduate, or MBA studies; **Monthly Running Subsidy:** for major street races in São Paulo; **Language Learning Reimbursement (English or Spanish);** **Teatro Porto:** exclusive screenings for employees; **Library;** **Rest Room:** at the Head Office Complex; **Game Room:** at the Head Office Complex; **Massage and Podiatry Services:** at the Head Office Complex; **Work Location:** Av. Rio Branco, 1489 – Campos Elíseos, São Paulo – SP, 01205-001; **Work Model:** 4x1 – four days onsite and one day remote. Porto is far more than an insurance company: it is a massive ecosystem leveraging technology to create solutions across four business verticals: **Porto Bank, Porto Saúde, Porto Seguro, and Porto Serviço**. Its reputation and recognition built over more than seven decades underscore Porto’s scale — a business reference company, built by and for people. Here, 13,000 employees proudly belong to a solid, ethical organization that transforms dreams into fantastic realities for our 15.8 million+ customers. We operate through over 101 branches and regional offices across Brazil. Learning is embedded in our DNA. Here, you’ll find **incentives, tools, and great people to learn and grow every day**, in a welcoming and secure environment where everyone can truly be themselves and take pride in who they are — fostering respect and **living fully and well-being in a genuinely human company.** **DIVERSITY & INCLUSION AT PORTO** At Porto, we value diversity and believe that a plural team is essential for the development of our entire business, society, and each individual. We recognize that every person is unique in building a more innovative and inclusive environment. Together, we work daily to build a safe, free, and welcoming space with greater plurality and respect. Therefore, we **strongly encourage applications from women, Black and Indigenous individuals, persons with disabilities, and LGBTQIA+ individuals** for all our job openings.