Information Systems Security Officer ensuring compliance and security for automated information systems. Conducting inspections and implementing countermeasures for vulnerabilities within the security framework.
About the role
- ICT & Security Risk Manager at BCR driving ICT risk management and team collaboration with Technology & Security teams. Executing enterprise-wide risk assessments and ensuring effective reporting and compliance.
Responsibilities
- Drive the execution of the ICT risk management framework;
- Provide constructive challenge to Technology & Security teams;
- Ensure risks are monitored and reported effectively;
- Maintain and enhance the ICT & Security Risk Policy, procedures, and assessment methodology;
- Execute and coordinate enterprise-wide ICT risk assessments and targeted thematic reviews;
- Assess security findings and control weaknesses, validate risk severity, and ensure structured, risk-based remediation tracking;
- Provide effective 2nd line challenge to 1st line risk assessments; deliver pragmatic and actionable recommendations;
- Own and improve the ICT/Cyber risk register;
- Monitor risk treatment plans and mitigation effectiveness;
- Support NFR/Risk Acceptance governance;
- Build and maintain a meaningful KRI framework;
- Analyze trends across incidents, downtime, vulnerabilities, audit findings for forward-looking risk insights;
- Contribute to severe-but-plausible scenario analysis and resilience assessments;
- Lead the ICT change risk component by assessing high-risk changes.
Requirements
- 4+ years of experience in ICT/cyber risk, tech audit/controls, security governance, or operational risk with strong IT exposure;
- Hands-on experience performing risk assessments, control evaluation, and preparing management-level risk reporting;
- Good understanding of regulatory expectations and industry best practices (DORA, NIST CSF, ISO 27001/27002, COBIT, ITIL);
- Strong analytical mindset and the ability to translate technical vulnerabilities into clear business risk implications;
- Confidence to act as a constructive challenger when working with senior technical stakeholders;
- High standards for documentation and evidence-based writing, delivering audit-ready outputs;
- Comfortable working with KRIs, thresholds, and trend analysis;
- Integrity, independence, and sound professional judgment in risk-based decision making;
- Certifications such as CISM, CISSP, CRISC, CISA, ISO 27001 LA/LI, ITIL, COBIT are an advantage;
- Exposure to third-party ICT risk, cloud risk governance, scenario analysis or operational resilience exercises is considered a plus.
Benefits
- Monthly budget for flexible benefits through the Benefit Online platform;
- Performance-based bonus;
- Banking facilities, benefits for private pension and discounts on insurance policies;
- Gifts for special occasions;
- Private medical services for you and your family;
- Hybrid and flexible work schedule;
- Up to 27 vacation days depending on your professional experience;
- Extra 7 days off per year if you have used up your vacation days;
- One day off for your birthday;
- Wellbeing, personal and professional development programs, and platforms that allow you to learn anytime, anywhere, and from any device;
- Subscription to Bookster.
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Information Systems Security Officer supporting national priority programs for AMERICAN SYSTEMS. Ensuring security of AIS and network operations as part of information technology and security teams.
Information Systems Security Officer role at AMERICAN SYSTEMS ensuring automated information systems security and compliance. Supporting federal government contracts with a focus on information technology solutions.
Information Systems Security Officer ensuring security for national priority programs at AMERICAN SYSTEMS. Overseeing automated information systems and providing security coordination for compliance and vulnerability management.
Intern supporting the construction and strengthening of data protection culture at N5X. Collaborating with the technology team for security practices and monitoring access.
Embedded Security Software Architect developing secure cryptographic libraries for embedded applications at NXP Semiconductors. Collaborating with engineering teams to ensure high quality and integration.
Coordinate security governance tasks at Vivo to strengthen compliance and risk management. Focus on incident management and develop security maturity within the organization.
Security Administrator providing personnel security and access control support for an Intelligence Community customer. Ensuring compliance with security regulations and managing security records in a fast - paced environment.
Safety Technician at TIM responsible for compliance with health and safety regulations and conducting inspections, training, and audits. Focused on workplace safety and managing emergency processes in Brazil.
Industrial Security Senior Manager overseeing a team at Boeing to implement security policies and mitigate risks. Responsible for compliance, training, and liaising with security representatives.