As an Information Security Specialist at Montreal, you will join one of Brazil's leading technology companies. Our journey began over thirty years ago with a small engineering team passionate about innovation. In 1986, visionary individuals made a commitment to technology and its power to transform the world. That would be just the beginning of a journey that has made us a solid market reference and one of the best companies to work for. **Responsibilities and duties** * Solid knowledge of information security standards and frameworks (ISO 27001, NIST CSF, COBIT, ITIL, etc.); * Ability to develop and maintain organizational security controls; * Understanding of corporate risk management applied to IT and cybersecurity; * Experience in incident management, especially cyber incidents, from procedural and regulatory perspectives; * Familiarity with GRC (Governance, Risk, and Compliance) tools will be considered a differentiator; * Experience in information security, focusing on defining and writing policies, standards, processes, and audits. **Requirements and qualifications** * Completed bachelor’s degree in related fields: Computer Science, Information Systems, Computer Engineering, Computer Networks, Information Security, or related areas. * Postgraduate studies or specialization in Information Security, IT Governance, or Risk Management is desirable; * Creation and updating of corporate information security policies. * Definition, implementation, and monitoring of internal security standards applicable across multiple departments. * Support and interface with internal and external audits. * Conducting information security risk assessments in computing environments. * Creation, implementation, and monitoring of BCP (Business Continuity Plan). * Monitoring regulatory compliance (LGPD, ISO 27001, NIST, COBIT, PCI\-DSS – where applicable). **Certifications** * ISO/IEC 27001 Lead Implementer or Auditor * ITIL Foundation or higher * CISM (Certified Information Security Manager) or CRISC (Certified in Risk and Information Systems Control) * Certifications in security and governance frameworks will be considered a differentiator. **Desirable Differentiators** * Prior involvement in **ISO 27001 implementation projects** or similar. * Experience in **audits, operational risk identification processes, and internal and compliance controls** (internal or external). * Experience in **highly regulated environments** (financial sector). **Additional information** * Health and dental insurance; * Meal or food allowance; * Partnerships and benefits with partner institutions. In continuous development, we foster an environment of collaboration, respect, and ease. **We invest in talent development** and in implementing practices that optimize and connect various technological and innovative aspects.