Job Summary: We are looking for a Senior Information Security professional to lead strategy and governance, protecting environments, products, and data in a dynamic setting. Key Highlights: 1. Lead the implementation and evolution of Information Security policies 2. Serve as a technical and strategic reference for technology teams 3. Dynamic environment focused on innovation We seek a **Senior Information Security** professional to lead security strategy, governance, and evolution at Distrito. This role will play a key part in protecting our environments, products, and data, acting both strategically and technically in partnership with technology and business teams—ensuring compliance, risk mitigation, and security from solution conception, within a dynamic and innovation-driven environment. **Responsibilities and Duties** **Responsibilities:** * Lead the implementation and evolution of Information Security policies * Design and maintain the security governance program (based on ISO 27001, NIST, LGPD) * Conduct advanced risk analyses and propose mitigation plans * Coordinate and execute vulnerability assessments and penetration tests (open-source and commercial tools) * Implement and manage firewalls, IDS/IPS, SIEM, and monitoring solutions * Lead incident response and business continuity plans * Serve as a technical reference for infrastructure and development teams (DevSecOps) * Define security standards for applications, networks, and infrastructure * Conduct internal security awareness training * Support audits, compliance, and regulatory adjustments * Evaluate security vendors and solutions **Requirements and Qualifications** **Prerequisites:** * Bachelor’s degree in IT or Information Security * Minimum of 6 years’ experience in Information Security and Infrastructure * Experience in cloud environments * Technical leadership and decision-making ability * Strong systemic vision and strategic thinking * Excellent communication skills with technical and business areas **Technical Competencies:** * Proficiency in ISO 27001, NIST, and LGPD * Cloud security architecture (AWS, Azure, GCP, or OCI) * Firewall, VPN, IDS/IPS, WAF, and SIEM management * DevSecOps and Secure SDLC * Vulnerability analysis and incident response * Security risk management * PKI, cryptography, SSL/TLS * Identity and access management (IAM) * Monitoring, logging, and event correlation * Patch management and system hardening * Security process automation (Python, Bash, Terraform, etc.) **Behavioral Competencies:** * Technical leadership * Organization and results orientation * Analytical ability * Proactivity * Clear communication * Teamwork * Flexibility * Commitment * Attention to detail **Differentiators:** * Experience with low-cost security strategies * Hands-on experience in LGPD compliance projects * Certifications such as: * ISO 27001 Lead Implementer / Auditor * Security+ * CEH * CISSP * AWS Security **Here, we are \#SangueLaranja!** We have been in the market for 17 years, side by side with our clients, delivering transformative experiences. We are a technology and innovation ecosystem with global expansion; beyond Brazil, we operate in Europe and the UK, with offices in Portugal, London, Dubai, and the Netherlands. **F for Formation: We believe in practicing a culture of knowledge sharing, community spirit, and that knowledge holds the power to transform!** We run initiatives and social actions promoting development, such as the Orange Juice tech community, the Training Program, our leadership school, and multiple partnerships with NGOs and Edtechs. **At FCamara, everyone is welcome; for us, Diversity, Respect, and Ethics are non-negotiable elements embedded in our DNA.** **So, are you ready to join an amazing team and become the protagonist of your own story?**