Senior Information Security Risk and Controls Analyst (GRC)

Indeed
Full-time
Onsite
No experience limit
No degree limit

Description

Job Summary: Our Information Security team seeks a professional focused on risk management and internal security controls, monitoring threats.

Key Highlights:

1. Risk management and internal information security controls implementation
2. Leading the Information Security Risk Management process
3. Supporting audit, compliance, and governance processes

If you’re eager to learn new things and thrive in a dynamic, challenging environment, this could be your opportunity!

Our **Information Security** team’s mission is to implement and maintain an information security management system that ensures the confidentiality, integrity, and availability of business-critical information, while supporting and guiding Asaas departments and employees through educational initiatives promoting security best practices. You will focus on information security risk and internal controls management, monitoring threats that may impact the business.

Interested but not based in Joinville? No problem—we support fully **remote/home office work.**

**Responsibilities and Duties**

* End-to-end leadership of the **Information Security and Cybersecurity Risk Management process**: identification, analysis, evaluation, treatment, acceptance, and continuous monitoring;
* Maintain and evolve the **Risk Register**, ensuring traceability (cause, impact, probability, existing controls, action plan, risk owner, deadlines, and status);
* Plan and execute **risk assessments** for initiatives, changes, and projects (e.g., new systems, integrations, architecture changes, cloud adoption, third parties, new technologies);
* Evaluate and monitor the **effectiveness of information security controls**, supporting teams in implementation, evidence collection, and continuous improvement (preventive, detective, and corrective controls);
* Define and track **treatment plans** (mitigation, transfer, acceptance, or elimination), performing follow-ups with responsible parties and supporting risk-based prioritization;
* Prepare **executive and operational risk reports**, trends, and exposure analyses (e.g., KRIs, heatmaps, action status, exceptions, residual risks) for both technical and leadership audiences;
* Support **audit, compliance, and governance processes** (internal/external), ensuring alignment with applicable policies, standards, and regulatory requirements;
* Collaborate with Security, Infrastructure/Cloud, Engineering, Product, and Legal teams to **embed security requirements** and reduce risks from inception;
* Operate and enhance the **Third-Party Risk Management process** (onboarding, classification/criticality assessment, due diligence, evaluation, approval, periodic re-evaluations, and termination);
* Conduct **supplier and partner security assessments** (questionnaires, document review, evidence validation, technical calls), evaluating security posture and resilience;
* Assess risks associated with **data access, integrations, subcontractors (fourth parties)**, cloud hosting, financial data handling, and business continuity requirements;
* Support defining and reviewing **contractual clauses** and minimum security requirements (e.g., incident SLAs, encryption, logging, penetration testing, segregation, notification, continuity requirements);
* Manage **supplier and partner exceptions and action plans**, including remediation tracking and risk-based decision recommendations.

**Requirements and Qualifications**

* Bachelor’s degree in progress or completed in **Information Security, Information Systems, Computer Science, Engineering**, or related fields;
* Prior experience in **Information Security/Cybersecurity Risk Management (GRC)**, including assessment, treatment, and monitoring;
* Hands-on experience leading **risk assessments** (projects, changes, processes, suppliers), with the ability to translate technical risks into business impact;
* Practical knowledge of **security frameworks and standards**, such as:
  * **ISO/IEC 27001** (controls and ISMS) and risk management concepts (e.g., **ISO 27005** or an equivalent approach);
  * **NIST Cybersecurity Framework (CSF)** / **NIST 800-53** (or similar models);
  * **CIS Controls** (or an equivalent reference for technical controls);
* Experience or familiarity with **TPRM**: criticality classification, security questionnaires, evidence analysis, action plan management, and periodic re-evaluations;
* Ability to produce **clear, auditable documentation**, including policies, standards, risk reports, and decision records (acceptance/exception);
* Strong communication skills and **stakeholder management capability** (negotiating timelines, driving actions, aligning technical and non-technical teams).

**Additional Information**

Advantages:

* Focus on TPRM (Third-Party Risk Management)

Additional Information:

* 8-hour daily schedule (Mon–Fri; Saturdays are not compensated);
* CLT employment contract.

**We are a Fintech**, a Payment Institution accredited by the Central Bank of Brazil, and **our purpose is to maximize business productivity through technology.** We offer a complete solution for billing, payments, receivables advance, and serve over 200,000 clients—including self-employed professionals, microentrepreneurs (MEI), and large enterprises. Our dream began in 2010 in Joinville/SC, and we believe the sky is not the limit for our growth. That’s why our team today spans across Brazil!

**Over 1,000 people share Asaas’ dream—collaboratively, innovatively, efficiently, with autonomy and freedom to soar high.** Soaring high demands resources to live and work better—and freedom to manage them. Thus, we welcome and care for our team by offering benefits supporting personal and professional growth:

**For health and well-being:** We provide full-coverage medical and dental assistance, life insurance, medication purchase support, and physical activity subsidies. Additionally, Neon supports our team’s financial health, and Zenklub supports physical and mental health (we offer 4 free monthly therapy or nutritionist sessions). At our headquarters, we also offer *quick massage.*

**For meals and family:** Our flexible meal benefit is delivered via a Visa credit card—usable however each person prefers. At our headquarters, we offer *free food*, and for families, we provide daycare assistance, parental support programs, and extended maternity and paternity leave.

**For education and growth:** Beyond a challenging and highly developmental environment, we offer an in-house training platform and education assistance covering 70% of tuition fees for undergraduate studies and language courses, plus reimbursement for course and book purchases—so our team never stops learning.

**For high-quality remote work:** We provide home office allowance, work equipment, furniture subsidy, and partner with WOBA so our employees can use coworking spaces across Brazil whenever desired. Explore our headquarters in Joinville/SC via **this virtual tour!**

**Extras—because the Dream Team deserves them:** Birthday *Day Off*, Happy Hour allowance, referral bonuses, annual goal-based bonuses, Stock Options plan, and a relaxed, *no dress code!* environment.

Source: Indeed
João Silva
Indeed · HR

© 2025 Servanan International Pte. Ltd.