Job Summary: Support all areas of Information Security, ensuring compliance, audits, business continuity, and risk management.

Key Highlights:
1. Comprehensive Information Security support
2. Strategic participation in security committees
3. Management and evolution of the Business Continuity Plan

**Summary of Responsibilities**

- Provide support across all Information Security domains, aligned with business requirements, internal standards, and corporate procedures, promoting continuous adherence to industry best practices.
- Support and conduct internal and external Information Security audits by providing documentation and evidence and thoroughly analyzing auditor requests—including design and effectiveness testing of controls and IT General Controls (ITGCs) in the context of IT audits for financial statements.
- Actively participate in Information Security and Business Continuity committees, contributing to strategic discussions and preparing meeting minutes to ensure visibility and traceability of decisions made.
- Maintain and evolve the Business Continuity Plan (BCP), ensuring all critical company processes are properly mapped, tested, and covered—including execution of continuity tests and Business Impact Analyses (BIA).
- Perform periodic technological vulnerability assessments: evaluate risks, prepare executive reports, define action plans for mitigation or elimination, and support Infrastructure/IT teams in risk reduction while maintaining acceptable residual risk levels.
- Participate in defining and assessing Information Security requirements for projects—including strategic and architectural decisions and designs for new applications and architectures—with a focus on proactive risk anticipation (threat modeling, Key Risk Indicators [KRI], Risk Assessment Scoring [RAS], vulnerabilities).
- Develop, review, and maintain Information Security-related policies, standards, procedures, and manuals, ensuring alignment with group recommendations and corporate tools.
- Conduct and deliver periodic Information Security awareness training, fostering a security culture and enabling continuous employee retraining.
- Generate, monitor, and present performance indicators and executive reports—including ISMS maturity (based on ISO 27001, NIST CSF) and operational controls—and report results to executive leadership and stakeholders.
- Execute ISMS activities, including: scope review, risk assessment and treatment, document control, non-conformance CAPA management, internal audits, incident monitoring and response, third-party contract and legal requirement reviews, and facilitation of the continuous improvement cycle (PDCA).
- Respond to departmental requests and tickets, actively participate in meetings, and continuously collaborate with other company departments to support operations and meet business needs.

**Requirements**

- Bachelor's degree in Computer Engineering, Information Systems, Information Security, or a related field.
- Proficiency in ISO 27001:2022 and other relevant standards (NIST, PCI-DSS, GDPR, LGPD).
- Knowledge of Security Architecture (Zero Trust, Cloud-Native, DevSecOps).
- Understanding of Information Security Governance, Audit, and Compliance (internal and external).
- Lead Auditor certification.
- Experience in Risk Management (identification, assessment, treatment, and monitoring).
- Advanced English and intermediate Spanish proficiency; advanced-level proficiency in the Microsoft Office suite.

Preferred:
- Experience with threats, vulnerabilities, cyber risks, controls, and countermeasures.
- Knowledge of networking (OSI model, diagrams, topologies) and protection solutions (Firewall, WAF, Proxy, DLP, etc.).
- Experience with Business Continuity Plans and Disaster Recovery (RTO, RPO).