Cyber Risk Coordinator | Information Security

Description

Job Summary: A professional responsible for managing cyber risks, optimizing security measures, and aligning security with business objectives to protect Globo's critical video infrastructure. Key Highlights: 1. Manage cyber risks to protect Globo's vital operations. 2. Evaluate the cost-benefit of cybersecurity measures. 3. Coordinate third-party cyber risk management. Our Technology area is a fundamental pillar of our business, driving our digital transformation. Here, we build technology solutions by continuously envisioning and developing automation techniques and processes—whether to enhance our teams' work experience or increase our products' and services' delivery capacity. We are responsible for a massive infrastructure supporting Globo's main video products, such as Globoplay, Premiere, and Globo Channels. Additionally, we handle live broadcasts of major events—from state football championships and the FIFA World Cup to the Olympics, Rock in Rio, and even the 24x7 live cameras of Big Brother Brasil, available to all Globoplay subscribers. We create inclusive environments where everyone feels welcomed and valued. We strive to make Globo increasingly diverse—in representation and thinking—learning from one another and fostering creativity and innovation. **Responsibilities and Duties** **Your Day-to-Day Will Include:** * Understand how various cyber risks may impact Globo's operations, prioritizing efforts to protect the most vital aspects of the business and minimize potential disruptions, data breaches, non-compliance, financial penalties, or damage to brand and/or reputation; * Assess the potential impact of cybersecurity risks on critical business processes and functions; * Evaluate the cost-benefit relationship of cybersecurity measures relative to possible losses, weighing expenses associated with implementing security controls against the financial and operational impact of a security incident, thereby optimizing resource allocation to achieve maximum risk reduction efficiency; * Align cyber risk management with business objectives, understanding strategic goals and ensuring cybersecurity measures are harmoniously integrated; * Coordinate the identification and classification of third-party cybersecurity risks and their impacts; * Coordinate the collection of third-party cybersecurity risk assessment data and conduct cybersecurity risk assessments for critical third parties, as needed; * Implement and evolve the third-party cybersecurity risk monitoring and management system, as defined in contracts with third parties and according to the Supplier Information Security Policy; * Develop remediation plans, collaborating with other company leadership to balance security requirements with the need for agility, innovation, and business growth—ensuring that recommended security tools or other compensating controls reduce identified risks to an acceptable level; * Provide training/guidance to stakeholders across Globo to foster a strong risk awareness culture. **Requirements and Qualifications** **What You Need:** * Bachelor’s degree in: Information Systems, Computer Science, Business Administration, or related fields; * Minimum 5 years of experience in IT auditing, enterprise risk management (ERM), or cyber risk management; * Minimum 5 years of experience identifying and assessing organizational business risks, risk management frameworks, and information security management frameworks—with focus on prioritizing efforts to protect vital aspects and minimize disruptions; * Solid knowledge of cybersecurity standards, including but not limited to ISO 27005, OpenFAIR, NIST RMF, IRAM, TOGAF, NIST CSF, and ISO/IEC 27001; * Proven track record conducting Cost-Benefit Analyses of Security Measures, including evaluating the cost-benefit ratio of cybersecurity measures against potential business losses. * Experience with cybersecurity principles and practices—including risk management, security controls, and business continuity—such as ISO 22301, Disaster Recovery Institute (DRI) Professional Practices, and Business Impact Analysis (BIA) development; * Demonstrated experience integrating cyber risk management with overall business strategy, ensuring alignment with organizational objectives; * Experience with compliance, security audits, and risk mitigation plans; * Extensive knowledge of third-party cyber risk management and governance concepts; * Experience assessing third-party risks, conducting and responding to due diligence procedures, and developing questionnaires for assessing cybersecurity risks of business third parties; * Effective communication skills, with ability to articulate complex technical concepts to non-technical audiences; * Ability to effectively influence others—modifying opinions, plans, or behaviors in a structured and efficient manner based on analyzed data and facts; * Proficiency in presentation techniques, enabling the construction of narratives and stories through presentations; * Experience influencing third parties and managing third-party relationships; * Knowledge of analytical methods and proficiency in data analysis; * Familiarity with technologies and tools (e.g., financial rating services, security rating services, integrated risk management platforms, third-party risk management platforms, etc.) that support evaluation of financial and operational risk associated with current and prospective suppliers. **Knowledge That Sets You Apart:** * Certifications in risk management and information security, such as: Certified Information Security Manager (CISM), Certified in Risk and Information Systems Control (CRISC), Certified in Risk Management Assurance (CRMA), or Open FAIR Part-1. * Intermediate or advanced English proficiency. **Additional Information** **Why Join Globo:** Come and let’s create stories and technologies together. At Globo, the convergence of storytelling and technology drives a diverse and innovation-passionate team. We have the opportunity to bring Brazilians closer together by creating new ways to connect with them. Here, everyone makes transformation happen. Our selection processes are fully remote. \#vempraglobo Want to learn more about working at Globo? Follow our daily life, challenges, and achievements on our social media: https://www.linkedin.com/company/globo https://www.instagram.com/vempraglobo https://www.youtube.com/c/VemPraGlobo/ Your personal data will be used solely for candidate selection purposes for open positions at Globo. Personal data collected during the selection process of candidates not hired at this time may be retained in our databases for consideration in future selection processes. All collected data will be processed under strict information security standards and in full compliance with applicable privacy laws—including Law No. 13,709/18—and in accordance with our Privacy Policy, available at: https://vempraglobo.g.globo/files/politica\_de\_privacidade.pdf By proceeding, you acknowledge and agree to your application being processed under these terms. Globo is built by people who want to do things differently, collaboratively, and shape the future. People spread across Brazil (and the world!) working in content, news, business, technology—all with Brazilian identity and abundant talent. Open and pay TV channels, digital products such as Globoplay, Cartola, G1, Ge, Gshow, and other services are all unified in one place. **At Globo, the convergence of storytelling and technology drives a diverse and innovation-passionate team.** **We have the opportunity to bring Brazilians closer together by creating new ways to connect with them.** **Here, everyone makes transformation happen.** Want to be part of this transformation too? \#VemPraGlobo ;)