Leading strategic initiatives in Information Security Governance and Compliance at Creditas. Developing policies and managing risk assessment processes to ensure organizational security compliance.
Responsibilities
The role is responsible for leading and executing strategic Governance, Risk and Compliance (GRC) initiatives in Information Security, acting as a focal point to ensure compliance with industry best practices and regulations. This professional will:
Develop corporate and technical documentation (Policies and Standards) ensuring compliance with ISO 27001 and other relevant standards.
Perform critical reviews of security-related documentation, identifying improvements and ensuring accuracy and compliance.
Implement controls based on information security, risk management and compliance frameworks and standards.
Conduct the information security risk assessment process, from identification and analysis to mitigation and continuous monitoring.
Support the Privacy team with technical measures to ensure compliance with data protection laws, adjusting IT processes as required.
Interface with business areas to seek improvements and enhancements in security awareness program activities.
Implement security awareness programs for all employees, promoting an information security culture.
Develop and implement information security controls and processes aimed at continuous service improvement.
Prepare and maintain tactical and operational reports and metrics.
Support assessment and application of existing controls to new projects and supplier onboarding, ensuring required controls are met.
Design and validate evaluation, testing and audit strategies and adherence to policies and standards.
Organize Information Security committees.
Coordinate audit deliverables with the Information Security teams.
Participate in internal and external audits to ensure regulatory compliance.
Manage the audit non-conformity (findings) lifecycle, from identification to implementation of corrective actions.
Requirements
Bachelor's degree in Computer Science, Systems Analysis, Information Technology, Information Security, Information Systems and/or related areas.
Knowledge of IT technologies to liaise with business areas and technical teams, ensuring security policies are understood and effectively implemented.
Knowledge and experience in audit and governance processes.
Experience developing and implementing Information Security plans, policies and standards.
Knowledge of the application of frameworks such as: NIST, ISO 27001 and 27002, SOC.
Familiarity with COBIT, ITIL, OWASP, CIS, CMMI, LGPD, GDPR.
Excellent verbal and written communication skills.
Organizational control to ensure quality and meet deadlines.
Negotiation, collaboration and teamwork skills to interact with business areas and other technical teams, promoting solutions that align security and business objectives.
Ability to influence and lead initiatives, acting as an evangelist for information security culture within the organization.
Availability for hybrid work: required to attend our office in the Morumbi area of São Paulo once a month for 4 consecutive days, usually in the last or first week of the month (Creditas in Person).
Benefits
Health Plan (Alice)
Dental Plan (SulAmérica)
Wellz: 100% free therapy sessions
Wellhub: access to gyms and studios
Creditas Endurance: high-impact sports incentive program
Pharmacy agreement (Univers)
Life Insurance (Porto Seguro)
Birthday day off
Extended parental leave: 6 months for birth parents and 35 days for non-birth parents
Family Care: support program for maternity and paternity
Cyber Security Engineer protecting data from threats in a fintech startup. Collaborating with the Information Security Team and implementing security controls for technical projects.
Junior Security Incident Responder in an innovative IT service company protecting clients against cyber threats. Collaborating with teams to enhance IT security and respond to incidents.
Security Incident Responder managing IT security incidents in the Security Operations Center, analyzing threats and coordinating responses effectively for clients' safety.
Senior Security Engineer developing and enhancing security infrastructure for Bank Frick, a pioneer in blockchain banking. Responsible for managing security processes and collaborating with IT teams.
Working student in Cyber Security at Wavestone, supporting IT consulting and development in the field of cyber security. Analyzing trends and actively participating in team activities.
Project Manager for Security Technology managing complex security projects in the MENA region. Involving internal teams and external integrators, ensuring project success and client satisfaction.
Cyber Security Manager at British American Tobacco strengthening cyber resilience across Western Europe. Responsible for managing security initiatives and collaborating with regional teams.
Intern responsible for supporting the implementation of an SSE system for an engineering design office. Involved in structuring, monitoring and deploying SSE systems.
Graduate Cyber Technician contributing to Babcock Australasia's Defence Industry initiative. Join the 2027 Graduate Program and engage in personal and professional development.
Engineering Intern involved in real work and active projects at Babcock Australasia. Collaborating with experienced professionals to gain real-life experience in a supportive environment.