Information Security Analyst ensuring the protection of systems and data at ScanSource. Collaborating with IT teams and managing security tools to enhance organizational security levels.
About the role
- Analyst of Information Security focusing on Governance and Project Risk Analysis in software development. Join a dynamic team collaborating on security in tech projects.
Responsibilities
- Support information security assessments for projects and applications.
- Conduct technical and compliance risk analyses, proposing mitigation measures.
- Collaborate in the creation, review and implementation of security policies, standards and guidelines.
- Participate in the validation of internal controls based on frameworks such as ISO 27001, OWASP, LGPD, GDPR and NIST.
- Support the development of security reports and metrics for senior management.
- Contribute to the preparation of onboarding materials, training and awareness campaigns.
- Monitor the remediation of nonconformities and security action plans.
Requirements
- Essential knowledge of information security standards and best practices (ISO 27001, NIST and OWASP).
- Familiarity with secure software development processes (DevSecOps).
- Ability to interpret security laws and regulations (LGPD, BACEN, SUSEP, etc.).
- Good communication skills for preparing reports, presentations and technical documentation.
- Analytical and collaborative profile with an interest in advancing in Governance and Risk.
- Preferred / Nice to have
- Participation in projects implementing ISO 27001 controls.
- Knowledge of risk management frameworks (ISO 31000, OCTAVE, FAIR).
- Technical-level English or Spanish.
- Experience with vulnerability management, compliance and audit tools.
- Desirable entry-level information security certifications (e.g., ISO 27001 Foundation, CompTIA Security+).
Benefits
- Health and dental insurance;
- Food and meal vouchers;
- Childcare assistance;
- Extended parental leave;
- Partnerships with gyms and health and wellness professionals through Wellhub (Gympass) and TotalPass;
- Profit sharing (PLR);
- Life insurance;
- Continuous learning platform (CI&T University);
- Employee discount club;
- Free online platform dedicated to promoting physical and mental health and well-being;
- Pregnancy and responsible parenting course;
- Partnerships with online course platforms;
- Language learning platform;
- And many others.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
No Education Requirement
Location requirements
Red Team Consultant conducting penetration tests and vulnerability assessments for Stefanini. Collaborating on security measures for applications and infrastructure across various environments.
Professional N2 in Information Security executing projects and providing technical support at NetSecurity. Collaborating with São Paulo technical team to enhance cybersecurity processes.
Cyber Security Analyst at Equitable Bank responsible for cyber risk governance. Working in a hybrid environment in Toronto focusing on compliance and risk management.
Cybersecurity Analyst role at Sip providing secure development support for financial services. Involvement in offensive security activities and design software solutions.
Associate Security Analyst responsible for cybersecurity tools, incident response, risk compliance, and policy development at Vanderbilt University.
Experienced Information Security Analyst investigating incidents and mentoring junior analysts in a collaborative environment. Position with a mission - centered organization to support information security operations.
Network Security Analyst leading response efforts during major security incidents while ensuring robust security operations at Comcast. Engaging in investigations and providing strategic recommendations for improvements.
Cyber Security Co - op at RBC analyzing data to detect threats and improve security measures. Collaborating in a dynamic team environment to build solutions for potential cyber threats.
Security Analyst at Digio responsible for Security by Design, identifying and managing risks in projects. Focus on secure architecture, threat modeling, and risk evaluation.