**Job Summary**

Professional to support and advance the Information Security area, working on risk management, policies, governance, and awareness.

**Key Highlights**

1. Key role in maintaining and continuously improving security controls.
2. Development of security policies aligned with global frameworks.
3. Planning and execution of Security Awareness campaigns.

**Position Summary**

The professional will be responsible for supporting and advancing the Information Security area, directly engaging in risk management, policy management and review, cybersecurity governance, and awareness programs (Security Awareness). They will play a critical role in maintaining and continuously improving the security control environment, seeking alignment with international best practices and frameworks (e.g., ISO 27001, NIST CSF, COBIT, LGPD).

**Main Responsibilities**

**1. Information Security Risk Management**

- Conduct processes for identification, analysis, assessment, and treatment of security risks.
- Perform periodic risk assessments across systems, projects, vendors, and internal processes.
- Monitor action plans and ensure risks are mapped and tracked.
- Support impact analyses and prioritization of security initiatives.

**2. Management of Policies, Standards, and Procedures**

- Develop, review, and maintain the set of information security policies aligned with global frameworks.
- Ensure version control, communication, and organizational adherence to policies.
- Support internal departments in creating operational procedures and best-practice guidelines.
- Conduct annual review cycles for corporate policies.

**3. Cybersecurity Governance**

- Monitor and track security indicators, metrics, and KPIs.
- Prepare executive reports and dashboards for senior leadership and risk committees.
- Support internal and external audits, addressing identified gaps.
- Contribute to maturity assessments (e.g., NIST, ISO, CIS).
- Support development and maintenance of the Information Security Master Plan (PDSI).

**4. Security Awareness Program**

- Plan and execute internal security awareness campaigns.
- Develop educational content (videos, emails, presentations, e-learning paths).
- Conduct phishing simulations and report engagement and improvement metrics.
- Collaborate with internal communications teams to strengthen security culture.

**Technical Requirements**

- Knowledge of frameworks: ISO/IEC 27001/27002, NIST CSF, CIS Controls, COBIT.
- Understanding of risk principles (ISO 31000, qualitative and quantitative methodologies).
- Experience in developing and reviewing policies, standards, and guidelines.
- Familiarity with LGPD, privacy, and compliance requirements.
- Familiarity with risk management tools, GRC platforms, or corporate workflow systems.
- Bachelor's degree in Information Technology, Information Security, Engineering, Administration, or related fields.
- Desirable: certifications such as ISO 27001 Lead Implementer/Auditor, Security+ (CompTIA), COBIT Foundation, among others.

**Behavioral Competencies**

- Strong written and verbal communication skills.
- Organizational skills and ability to prioritize effectively.
- Analytical mindset with process orientation.
- Proactivity and ownership mindset.
- Ability to interact effectively with technical and business units.

**Employment Model:** Individual Contractor (PJ)

**Work Model:** Hybrid

**Location:** Avenida Faria Lima – São Paulo/SP