





We are looking for professionals eager to innovate and grow with Every Cybersecurity! We are a solid company operating in **Privacy, Information Security, and Governance, Risk, and Compliance (GRC)**, with a full focus on **customer satisfaction**. We have a **visionary leadership team**, a **collaborative workforce**, and an **excellent organizational climate**.

**On-site position – Brasília**

Join us to **\#BeHappy at Every Cybersecurity!**

**Responsibilities and Duties:**

* Develop a methodology for managing processes within an information security management system, including incident management, vulnerability management, and information security risk management;
* Conduct the information security risk management cycle with clients;
* Create/review information security policies, as well as all regulatory documents comprising the information security documentation framework;
* Perform gap analysis using leading industry frameworks as normative references;
* Develop an information security/cybersecurity master plan;
* Develop business continuity plans, operational continuity plans, Business Impact Analyses (BIA), and other documents supporting business continuity management;
* Design and implement controls required for an information security management system;
* Support/conduct business process/operational workflow modeling based on interviews with responsible stakeholders;
* Identify threats and vulnerabilities that compromise corporate information;
* Support/validate with clients and formally record all agreed-upon events via meeting minutes or action logs;
* Provide necessary resources for technical training and professional development of security team members;
* Lead a security requirements assessment process aligned with ISO 27001 and ISO 27701 requirements;
* Generate reports on information security compliance and/or maturity based on the security requirements assessment process, and develop remediation action plans—including recommendations for implementing security controls, processes, and tools for clients;
* Deliver training sessions on current information security topics to raise awareness and foster a security-oriented culture;
* Ensure the effectiveness and sustainability of organizational activities fulfilling mandatory requirements defined by the Information Security area’s strategy.

**Requirements and Qualifications:**

* Experience creating and reviewing security policies, standards, processes, and procedures;
* Knowledge of conducting internal audits and preparing audit reports and related documentation;
* Familiarity with computer network infrastructure;
* Analytical thinking, business acumen, strong interpersonal communication skills, and ability to handle complex tasks;
* Knowledge of security and technology frameworks and regulations, including ISO 27001, ISO 27701, NIST Cybersecurity Framework (CSF), CIS Controls, and MITRE ATT&CK®;
* Experience performing gap analysis using security frameworks;
* Experience in information security risk management;
* ISO 27001 certification is desirable;
* ISO 27005 certification is desirable.


