Senior Product Security Engineer at Red Hat focusing on security and compliance for digital sovereign products while collaborating across global teams and enhancing automation.
About the role
- Information Security Manager overseeing cybersecurity and risk management initiatives at EdgeUno. Collaborating with various teams ensuring confidentiality and compliance across systems and data.
Responsibilities
- Design, execute, and continuously improve EdgeUno’s global Information Security Program aligned with ISO 27001:2022 and industry best practices.
- Serve as the Information Security Officer (ISO) responsible for maintaining our ISO 27001:2022 certification, leading audits, gap analyses, and surveillance processes.
- Define security policies, controls, and guidelines to mitigate risk and ensure corporate policies and regulatory compliance across geographies.
- Lead and mentor the Information Security Team providing support for internal users across all departments and locations.
- Own and operate the Information Security Risk Management Framework including regular risk assessments, control validation, vendor security reviews, and mitigation planning.
- Lead and maintain Business Continuity Plans (BCP), Disaster Recovery Plans (DRP), and Contingency Planning procedures.
- Collaborate with Legal, Operations, and external consultants to ensure alignment with data privacy laws (e.g., LGPD, GDPR, and LATAM regulations).
- Manage Security Operations Center (SOC) functions either in-house or with third-party providers, ensuring effective threat detection and incident response.
- Oversee Threat Intelligence, vulnerability management, and offensive security practices including regular penetration testing and red/blue team exercises.
- Define and enforce Data Loss Prevention (DLP) strategies to monitor and protect sensitive data across databases, endpoints, cloud, and SaaS platforms.
- Drive data classification and privacy-by-design principles across systems and development workflows.
- Develop and run a company-wide Security Awareness Program, ensuring employees understand their roles in cybersecurity and compliance.
- Conduct phishing simulations, internal campaigns, and role-based training to drive security culture across the organization.
- Partner with stakeholders to ensure alignment between support, device, and security policies.
- Serve as the primary point of contact for all security incidents, regulatory inquiries, and audit responses.
- Regularly report program status, information security risks, and KPIs to executive leadership.
Requirements
- Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.
- Master’s and relevant certifications (CISSP, CISM, CRISC) strongly preferred.
- 10+ years of experience in cybersecurity, risk management, or information security roles, including 5+ years in a team leadership capacity.
- Deep experience with ISO 27001 implementation, certification, and maintenance.
- Knowledge of security and other frameworks such as NIST CSF , CIS Controls , MITRE ATT&CK , NIST RMF , FAIR, OCTAVE , COBIT , and ITIL.
- Experience with SOC operations, threat intelligence platforms, SIEMs, SOAR, XDR, EDR, and incident response workflows.
- Familiarity with IAM/PAM systems, vulnerability scanning, DLP tools, and privacy compliance (GDPR/LGPD, etc.).
- Strong understanding of business continuity planning, disaster recovery design, and cloud/hybrid environments.
- Excellent communication skills in English; Spanish and/or Portuguese highly desirable.
- Comfortable operating in a hybrid, globally distributed organization.
- Previous experience in telecom, hosting, datacenter, or infrastructure service providers is a plus.
Benefits
- Competitive compensation package
- Training and development opportunities
- Collaborative environment
- Security Awareness Program
Job title
Job type
Experience level
Salary
Not specified
Degree requirement
Tech skills
Location requirements
Security Engineer safeguarding K - 12 student data in several locations for EduTech startup. Designing secure software systems and ensuring data protection to comply with privacy standards.
Security Engineer focusing on data protection and privacy for Kira Learning's educational technology. Safeguarding K - 12 student data while collaborating with engineering teams on secure software development.
Senior Cybersecurity Engineer responsible for protecting Advansys and its clients' IT infrastructure. Designing, implementing, and managing security solutions, while mentoring junior engineers.
Security Engineer responsible for incident response and security protocol design at Sinch. Joining a global team to safeguard sensitive information and enhance cybersecurity measures.
Content Developer creating engaging and effective learning materials for coding education online. Collaborating with a team to develop tailored resources for K - 12 learners in Egypt.
Campus Security Officer ensuring safety at Bright Horizons early childcare centers in Seattle. Responsible for access control, surveillance, and emergency response.
Sounding and Security Watch responsible for Navy asset security at NSF Diego Garcia. Conducting checks and ensuring safety during designated watch hours with strong situational awareness.
Sales Enablement Manager creating technical content for Upwind Security. Collaborating across teams to translate cloud security concepts into clear narratives for engineers and security leaders.
Security Engineer designing and implementing security measures to protect Snap Inc.'s infrastructure. Collaborating across teams while focusing on threat detection and response strategies.