Information Security Analyst
Indeed
Full-time
Onsite
No experience limit
No degree limit
Praça do Patriarca, 62 - Centro Histórico de São Paulo, São Paulo - SP, 01002-010, Brazil
Description

Job Summary: Senior Information Security Analyst to structure, evolve, and maintain the Information Security Management System (ISMS), ensuring regulatory compliance and continuous improvement—with a focus on security without bureaucracy.

Key Highlights:

1. Strategic and operational involvement in information security management.
2. Focus on continuous improvement and real impact, with security without bureaucracy.
3. Opportunity to influence strategic decisions in committees.

We are seeking a Senior Information Security Analyst with both strategic and operational capabilities, responsible for structuring, evolving, and maintaining the Information Security Management System (ISMS), ensuring regulatory compliance, maturity in governance, risk, and controls, as well as aligning technical risks with business decisions—focused on continuous improvement and real impact: security without bureaucracy.

**Responsibilities and Duties**

* Draft, review, and maintain information security policies, standards, internal controls, manuals, and procedures;
* Support the development, implementation, and evolution of the ISMS based on ISO/IEC 27001;
* Ensure compliance with regulations, standards, and security frameworks;
* Continuously assess threats and vulnerabilities, supporting the Information Security roadmap;
* Coordinate security incident investigations and responses;
* Conduct training and awareness initiatives on Information Security across internal departments;
* Review, monitor, and provide visibility into action plans related to information security risks;
* Assess regulatory and operational risks related to Information Security;
* Integrate Information Security risk management into organizational maturity domains;
* Lead and promote the Information Security Risk Committee to support decision-making;
* Define, track, and report KRIs (Key Risk Indicators);
* Promote continuous improvement of Information Security risk and control processes;
* Participate in the implementation and evolution of the GRC (Governance, Risk, and Compliance) project;
* Conduct internal and external Information Security audits;
* Develop and keep up to date the processes, operational workflows, and tools for assessing security and privacy risks;
* Critically evaluate IT and Security services from an LGPD perspective;
* Actively participate in Information Security and Privacy Committees, influencing strategic decisions.

**Requirements and Qualifications**

* Completed Bachelor’s degree in Information Security, Computer Engineering, Information Systems, Systems Analysis, or related fields;
* Proven experience in developing and implementing Information Security policies, standards, and procedures;
* Solid experience in Risk Management;
* Knowledge of NIST Cybersecurity Framework (CSF) and CIS Controls;
* Experience working in regulated environments and security governance.

**Additional Information**

**Salary:** To be negotiated

**Benefits:** Transportation Allowance, Meal Voucher, WellHub, and SESC Membership

**Working Hours:** Monday to Friday, from 09:00 to 18:00

**Work Model:** On-site – East Zone/SP

Source: Indeed
João Silva
Indeed · HR

Company

Indeed
© 2025 Servanan International Pte. Ltd.