SENIOR CYBERSECURITY ANALYST

Description

Job Summary: Senior Cybersecurity Analyst III plans, implements, and evaluates information security measures, focusing on data integrity and confidentiality, mitigating risks, and ensuring compliance with applicable legislation. Key Highlights: 1. Work securely with GenAI solutions and tool governance 2. Define technical security standards and guidelines 3. Facilitate workshops and promote responsible AI **LOCALIZA\&CO** Continuous evolution has brought us here. Alongside diverse talents and multifaceted skills, we connect to pursue our shared motivation: building the future of sustainable mobility. By valuing each individual’s uniqueness, we drive our collective momentum to achieve extraordinary results, develop our operations, and create solutions for our customers. We are passionate about our history, our ideas, and our ability to bring them to life. We know that together, we go further. This is how Localiza\&Co connects with the future. **WHAT YOU WILL DO AS A** **CYBERSECURITY ANALYST III** * Plan, implement, monitor, and evaluate actions related to the Company’s information security program, development of regulatory norms governing behavior and control mechanisms to safeguard data and processes, ensuring integrity, confidentiality, and availability, while mitigating risks and consequences of potential data compromises — including data protection and compliance with applicable data protection legislation. **BENEFITS OF THIS POSITION** * Profit Sharing * Food Allowance * Meal Voucher * Health Insurance * Dental Insurance * Gympass * Private Pension Plan * Transportation Allowance * Allya * Unlimited access to numerous courses offered by Localiza University * Internal training and development programs * Discounts on vehicle purchases and rentals **Experience what it means to be Localiza\&Co and help build the future of mobility with us!** **Responsibilities and Duties** **1\) Security Standards, Policies, and Governance for AI Agents** * Define and maintain corporate security standards for AI agents, including requirements for confidentiality, integrity, availability, privacy, content retention, and auditing. * Establish secure usage guidelines (prompt hygiene, data classification, DLP for prompts/outputs, blocking of sensitive content, use of guardrails). * Support creation/update of AI compliance and risk management frameworks (including risk mapping, acceptance criteria, and compensatory controls). **2\) Market Best Practices \& Hardening** * Evaluate, select, and implement applicable GenAI security best practices: secure RAG, context isolation, AI observability, A/B testing with security gates and guardrails. * Contribute to reference architectures (multi\-tenant/multi\-model) and secure integration standards (API gateways, tokenization/pseudonymization, masking). **3\) Roles and Responsibilities of AI Agents and Teams** * Model roles and responsibilities for AI agents (e.g., researcher, executive summary generator, customer service assistant) and human teams (Use Case Owner, Security Owner, Data Owner), including a full lifecycle RACI matrix. * Define criteria for approval, periodic review, and decommissioning of agents and their contextual content (knowledge bases, prompts, tools). **4\) Agent Access Management (IAM/CIEM for AI)** * Design and operate IAM models for agents: principle of least privilege, separation of duties, scope control, secret/token expiration/rotation, end\-to\-end logging and audit trails. * Define agent onboarding/offboarding workflows, entitlement reviews, and recertifications of access to sources (data, APIs, repositories, tools). **5\) Operational Security, Monitoring, and Response** * Implement AI agent observability (telemetry, explainability/interpretability where applicable, security/quality metrics). * Conduct risk assessments, security testing (prompt injection, data leakage, jailbreak), and incident response playbooks involving AI agents. **6\) Enablement, Stakeholder Management, and Secure Adoption** * Facilitate workshops/training sessions and act as a responsible AI evangelist, supporting business areas in secure adoption. * Support business cases and roadmaps for AI use cases, incorporating risk assessment and controls from the design phase (Security \& Privacy by Design). **Requirements and Qualifications*** Experience in Information Security with focus on cloud environments and API integrations, IAM, DLP, encryption, tokenization, and auditing. * Experience with governance of tools and security controls in GenAI solutions (Copilot, OpenAI/ChatGPT, Azure OpenAI or equivalents), including guardrails and usage policies. * Practical understanding of secure RAG, AI observability, and specific risk assessments (bias, drift, leakage, prompt injection). * Ability to define technical standards and guidelines, and to conduct architecture assessments and reviews from a security perspective. **Additional Information** **Desirable Requirements** ------------------------- * Experience with multi\-agent systems, agent orchestration, and Model Context Protocol (MCP). * Familiarity with regulatory compliance (e.g., AI Act/sectoral self\-regulation) and participation in AI ethics/risk forums. * Knowledge of ISO/IEC 42001:2023 standard **Soft Skills** --------------- * Negotiation skills across multiple stakeholders (business, legal, privacy, IT, data, vendors), balancing delivery speed with risk/control requirements. * Technical influence and executive communication to build consensus around responsible AI standards. * Systems thinking to balance performance, cost, ethics, and compliance in AI solutions. * Change management and large\-scale evangelization of secure GenAI practices. We are one of the **world’s largest and most comprehensive mobility platforms**, bringing together diverse innovative and efficient solutions. This achievement stems from the extraordinary work of over **20,000 employees** across more than **900 agencies** in Latin America. We believe movement drives transformation, which is why we encourage continuous development among our employees. **We contribute to a more sustainable, diverse, and inclusive world.** ### **THE L\&CO WAY** * We develop and recognize our team by encouraging high performance * We genuinely care for one another and enjoy the journey * We build together with trust and open dialogue, embracing final decisions * We delight others with simple, surprising friendliness * We innovate based on customer needs, experimenting to evolve * We prioritize customers and cultivate long\-term relationships * We generate exceptional value with a long\-term vision * We do more with less, increasing our productivity * We contribute to a more sustainable, diverse, and inclusive world * We act boldly, tenaciously, and humbly * We decide swiftly and act autonomously and responsibly * We pursue excellence with simplicity ### **JOIN US AS \#SANGUEVERDE** We believe in the unique value of every person. We celebrate differences and open doors so everyone can grow and fulfill their dreams. **Join us and become part of a team that transforms opportunities into achievements!**