Senior Information Security Specialist
Description
- Help evolve the Information Security strategic plan, based on risk exposure, maturity level, market benchmarks, and business impact.
- Conduct the information security risk management process end-to-end, including identification, assessment, prioritization, treatment, acceptance, monitoring, and executive reporting, in alignment with the company's Risk Management framework.
- Lead or support key team fronts, such as policies and standards, third-party cyber risk, incident governance, AI governance, cyber resilience, and awareness programs.
- Conduct maturity assessments and evaluations based on frameworks such as NIST CSF 2.0, ISO 27001, CIS, and SOX, transforming diagnoses into executable action plans.
- Define and monitor indicators, governance forums, committees, and executive materials that provide visibility into risks, controls, projects, and maturity evolution.
- Work in partnership with technical and corporate teams to evaluate controls, coordinate remediations, monitor audits and projects, and support the evolution of Information Security maturity.
- Use AI responsibly in the role's activities, with a focus on productivity gains and scale.
- Contribute to the evolution of AI governance and security within the company by fostering a culture of responsible and secure technology adoption, assessing risks, and defining controls.
- Monitor and support internal and external audit activities, ensuring the quality and technical consistency of responses, evidence, and remediation plans.
Requirements
- Solid experience (7+ years) in Information Security GRC, with hands-on work in complex, dynamic, and technology-intensive corporate environments.
- Practical experience leading Information Security topics related to risk management and analysis, governance, policies, standards, audits, awareness programs, and third-party risk management.
- Solid knowledge of frameworks and standards such as NIST CSF 2.0, ISO 27001/27002, CIS, SOX, and related security references.
- Ability to discuss security controls with enough depth to evaluate design, coverage, and effectiveness in practice.
- Good understanding of topics such as cloud security, IAM, vulnerability management, data protection, cyber resilience, AI security, incident management, and third-party cyber risk.
- Ability to transform regulatory requirements, risks, and complex topics into clear, pragmatic, and actionable guidance.
- Senior profile with strong execution, influence, and prioritization skills, and the ability to interact with technical, executive, and corporate audiences.
- Good verbal and written communication in Portuguese and English.
Selection process includes: