Senior Security Governance Analyst

At Swile, we believe that good products can help reduce friction in daily professional life and boost employee satisfaction. Today, we provide innovative solutions in various areas such as Fintech, Travel, HR, and Employee Benefits to more than 5.5 million users in 85,000 companies in France and Brazil.

Role in a strategic structure within the Security area, focusing on control management, regulatory compliance, fraud prevention, data protection, and business continuity.

This person will play a key role in the definition, implementation, and maintenance of policies, processes, and controls, ensuring the protection of information assets and compliance with national and international regulations such as LGPD, GDPR, BACEN, and PCI DSS.

Main Responsibilities:

Act throughout the lifecycle of security, technology, fraud prevention, and AML (Anti-Money Laundering) controls;

Develop, review, and maintain policies, standards, and procedures aligned with market best practices (NIST, ISO 27001, etc.);

Conduct security risk analyses (both technical and non-technical), proposing effective mitigation plans;

Lead regulatory compliance initiatives, including LGPD, GDPR, PCI DSS, BACEN, among others;

Manage and report security indicators (KPIs and KRIs) to executive leadership;

Participate in Third Party Cyber Risk Management (TPCRM) processes, including vendor risk assessments, due diligence, and remediation plans;

Collaborate with departments such as Legal, IT, Compliance, Procurement, among others, integrating security governance into corporate processes;

Support and enhance business continuity strategies (BCM/DRP), considering people, processes, and systems;

Assist in handling security incidents and continuously improve the response process;

Contribute to increasing the company’s overall information security maturity level.

Requirements:

Solid experience (+7 years) in Information Security, preferably in the financial sector or regulated companies;

In-depth knowledge in risk management, regulatory compliance, data security, and market frameworks;

Familiarity with PCI DSS, LGPD/GDPR, BACEN, ISO 27001, NIST CSF, among others;

Experience with AWS and security improvements in cloud environments (desirable);

Ability to translate technical issues into business language;

English level B2 (reading, writing, and technical conversation).

Differentials:

Certifications such as CISM, CISSP, ISO 27001 Lead Implementer, PCI ISA, CDPP, or similar;

Experience with GRC tools, risk management, and compliance automation;

Proactive and hands-on profile, with strategic vision and a sense of urgency.