···
Log in / Register

CAS | Technology and Cybersecurity Risk Analyst PL

Indeed
Full-time
Onsite
No experience limit
No degree limit
Praça Mal. Deodoro, 174 - Centro Histórico, Porto Alegre - RS, 90010-300, Brazil
Favourites
Share
Some content was automatically translatedView Original

Description

Job Summary: At Sicredi, you'll work in governance of the Technology and Cyber Risk initiatives portfolio, strengthening organizational resilience in a collaborative environment. Key Highlights: 1. Governance of the Technology and Cyber Risk portfolio 2. Collaborative environment offering opportunities to learn, influence, and grow 3. A pivotal role in promoting clarity and execution discipline If you believe that strengthening digital resilience and enhancing technology and cybersecurity risk management is essential to ensuring available, secure, and sustainable financial services, this opportunity may be your next step. At Sicredi, you will support governance of the Technology and Cyber Risk initiatives portfolio, contributing to enhanced organizational resilience. In a collaborative environment offering space to learn, influence, and grow, your role will involve close partnership with multiple internal areas, as well as support to cooperatives and central entities. As part of the second line of defense, you will play a fundamental role in promoting clarity, execution discipline, and critical thinking—contributing to increased control maturity, process improvement, and assurance that technology and cyber risks are managed robustly, transparently, and effectively. **Responsibilities and Duties** Responsibilities: * Support maintenance and evolution of Technology and Information Security policies, standards, and procedures. * Contribute to defining and updating risk governance processes aligned with frameworks (ISO 27001, NIST CSF, SOC2, ITGC, etc). * Assist in ensuring clarity of responsibilities (RACI) among Cyber, Technology, Product, and Business teams. * Conduct continuous monitoring of GRC-related KPIs and KRIs, preparing tracking materials and executive reports. * Conduct Risk Assessments and GAP Assessments based on recognized frameworks (ISO 27001, NIST, etc.). * Support regulatory assessments, partner due diligence, and risk reviews involving technological and cybersecurity controls. * Consolidate technical and non-technical findings into structured analyses, highlighting impacts and recommendations. * Ensure consistency among area assessments, internal audits, external audits, and risk decisions. * Guarantee organization, quality, and traceability of evidence and control artifacts, following the principle “test once, report many”. * Support internal and external audits by providing information and evidence in a structured and timely manner. * Contribute technical analyses supporting leadership decision-making on risk topics, control posture, and prioritization. * Provide support to Technology and Business areas in interpreting audit requirements, controls, and compliance obligations. * Support alignment of governance and risk initiatives with the organization’s GRC operational model. **Requirements and Qualifications** **Requirements and Qualifications (Mandatory)** * Bachelor’s degree completed in Information Technology, Information Security, Engineering, Computer Science, Information Systems, or related fields. * Practical knowledge of frameworks and standards: ISO 27001/27002, NIST CSF, NIST 800\-30/53, COBIT, SOC 2, ITGC. * Practical knowledge of security controls: IAM, PAM, DLP, Backup, Vulnerability Management, EDR, SIEM, SOC, Cloud Security (AWS/Azure/GCP). * Experience in technology risk governance and management. * Knowledge of Central Bank regulatory requirements. **Tools and Data Knowledge (Desirable)** * GRC platforms: ServiceNow GRC, Archer, OneTrust. * Collaboration and management tools: Jira, Confluence. * Data visualization: Power BI, Looker Studio. * Data analysis: Advanced Excel, SQL (a plus). * Consolidation of indicators (KPIs/KRIs) and dashboard development for risk monitoring. **Desirable Experience in** * Execution of Risk Assessments and GAP Assessments (ISO 27001, NIST). * Technology and cyber risk assessments. * Preparation of evidence for internal and external audits (ITGC, SOX, SOC2\). * Support for regulatory and partner evaluations (due diligence). * Consolidation of risks into executive-level views and preparation of committee reports. **Certifications \- Preferred** * ISO 27001 Lead Implementer / Lead Auditor * CompTIA Security\+ * CRISC * CGRC (ISC2\) * COBIT Foundation * CCSK (Cloud Security Alliance) * Cloud certifications (AWS/Azure/GCP – foundational level) **Cultural Preferences** * Critical thinking to propose structural improvements to processes and controls. * Ability to translate technical content into actionable business insights. * Collaborative mindset and active participation in technical and multidisciplinary forums. **Behavioral Competencies** * Structured thinking and focus on governance * Clear communication and ability to influence without formal authority * Organization and discipline in managing multiple concurrent projects * Strong collaborative posture oriented toward facilitation and integration * Systemic vision and ability to propose improvements * Adaptability amid shifting priorities * Ease of working in a diverse environment **Additional Information** **At the Sicredi Administrative Center (CAS)**, for positions in business areas, we adopt a hybrid work model consolidated as 3 days onsite at the company headquarters located at Av. Assis Brasil, 3940, São Sebastião, Porto Alegre/RS, and 2 days remote. For Tech area positions, we adopt a fully remote work model. --------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- \_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_\_ At **Sicredi**, you’ll enjoy: 14th and 15th fixed salaries; Profit-sharing (based on seniority); Health and dental plans with no co-payment; Well-being programs via Wellhub (formerly Gympass), Nutrition, Psychology, Occupational Health, Massage, Running Group, and local gym; Meal and Food Allowance—with flexible % allocation across VA/VR cards and no co-payment; Extended maternity and paternity leave; Childcare or babysitter allowance for children up to 6 years and 11 months; Allowance for children with disabilities, with no age limit; Life insurance; Private pension plan up to 8% of salary; Training platform – Sicredi Aprende, offering diverse courses; 40-hour weekly workload – using a time-banking system; Remote Work Allowance (except for positions requiring 100% onsite presence). **Nice to meet you—we are Sicredi.** Our journey began over 120 years ago as Brazil’s first cooperative financial institution. Today, we continue growing and transforming daily alongside **more than 50,000 employees**. It is they who make us the **Best Place to Work**, again ranking first according to Great Place To Work Brasil (GPTW). Together with **over 10 million members** across all Brazilian states, we believe in the power of cooperation to **build a more prosperous society and generate positive impact in people’s lives**—a purpose that unites and inspires us, promoting local and sustainable development, education, and financial inclusion. We continue seeking talents who wish to help build a better world—and we want you on board. **\#VemSerSicredi!**

Source:  indeed View original post
João Silva
Indeed · HR

Company

Indeed
Cookie
Cookie Settings
Our Apps
Download
Download on the
APP Store
Download
Get it on
Google Play
© 2025 Servanan International Pte. Ltd.