Develop and manage information security and privacy policies at DropReal. Collaboration between IT, Legal, and Business to ensure Information Security compliance.
Responsibilities
Develop, implement, and manage information security and privacy policies, standards, and procedures.
Perform continuous risk analysis and management for Information Security and Information Privacy, developing mitigation plans.
Identify and analyze new threats and vulnerabilities, proposing preventive and corrective measures.
Create, review, and update information security and privacy policies, standards, and procedures.
Ensure security and privacy policies are aligned with industry best practices and regulatory requirements.
Ensure compliance with standards and regulations such as ISO/IEC 27001, ISO/IEC 27701, GDPR, LGPD, among others.
Coordinate and support internal and external information security and privacy audits.
Develop and deliver training and awareness programs on information security and privacy.
Monitor performance indicators related to information security and privacy.
Prepare periodic reports on the state of information security and privacy for senior management.
Participate in incident response for information security and privacy incidents.
Implement corrective and preventive actions to prevent incident recurrence.
Requirements
Strong knowledge of security frameworks such as NIST, CIS Controls, COBIT, ITIL, and ISO/IEC 27001/27701.
Strong knowledge of laws and regulations such as LGPD, GDPR, Brazilian Central Bank (BACEN) rules, SOX, among others.
Solid experience in information security and privacy management system projects, including conducting risk assessments and implementing controls based on industry frameworks.
Minimum of 3 years of experience in the field.
Bachelor's degree in Business Administration with emphasis on Management Systems, a degree in Information Security, or a postgraduate degree in Information Security and/or GRC.
Desirable certifications related to this role (EXIN ISFS, CompTIA Security+, ISO 27001/27701 Lead Implementer).
Benefits
Health insurance
Dental insurance
Home office allowance
Life insurance
Meal allowance
Transportation allowance
Career development plan
Salary commensurate with the role
Food allowance
Training
Fuel/commuting allowance
Wellhub (Gympass)
Day off
Flexible benefits card
Profit sharing
Job title
Information Security and Privacy Governance Analyst