Staff Security Engineer (GRC)

📋 Description

• Act in evolution of the Information Security GRC strategy based on risk and business impact.
• Lead end-to-end information security risk management per Risk Management framework.
• Lead or support policies, third-party risk, incident governance, AI governance, resilience.
• Perform maturity assessments using NIST CSF 2.0, ISO 27001/27002, CIS, and SOX.
• Define and monitor risk indicators, governance forums, and executive materials for visibility.
• Collaborate with tech and corporate teams to evaluate controls, remediation, and audits.

🎯 Requirements

• 7+ years in Information Security GRC in complex environments.
• Practical leadership in risk management, governance, policies, audits, and third-party risk.
• Knowledge of NIST CSF 2.0, ISO 27001/27002, CIS, SOX.
• Ability to discuss controls with depth to evaluate design and effectiveness.
• Knowledge of cloud security, IAM, vulnerability mgmt, data protection, cyber resilience, AI security.
• Portuguese and English communication skills.

🎁 Benefits

• Competitive salary
• Profit sharing
• Meal allowance
• Health insurance
• Dental plan
• Life insurance