Senior Governance and Awareness Analyst at IBLISS supporting information security governance and compliance initiatives.
Responsibilities
Support the planning and execution of projects focused on governance, compliance and continuity management;
Implement standards, policies and procedures that support the information security and risk management framework;
Lead internal and external audits, ensuring compliance with regulatory standards and best practices;
Conduct supplier assessments, evaluating cyber risks, contractual compliance and adherence to technical and security requirements;
Support business continuity management (BCP/DRP), participating in the definition of policies and procedures, training (e.g., table-top exercises) and plan testing;
Monitor and ensure adherence to laws, frameworks and standards such as ISO 27001/27701, ISO 27005, ISO 31000, ISO 22301, LGPD, NIST CSF and NIST SP 800-53, among others;
Act in a consultative capacity as a reference for the Governance and Awareness area, advising internal teams and clients;
Map and review policies, standards and processes;
Support clients in technical and strategic projects (onsite or remote);
Participate in committees, meetings and forums with business areas, technology teams and executive leadership when required;
Assess and respond to privacy incidents when they occur, ensuring appropriate handling and response in accordance with policies and legislation;
Contribute to the continuous improvement of data protection and privacy practices;
Support the structuring of processes based on Privacy by Design and Privacy by Default principles;
Lead educational campaigns and information security culture initiatives, both internally and with clients;
Plan and execute educational campaigns with accessible, creative content aligned to the target audience;
Produce materials such as scripts, presentations, remote and in-person activities, trainings, workshops, videos and interactive events;
Deliver talks, trainings and workshops on security, privacy and digital ethics;
Develop content for social media, internal communications and institutional materials;
Conduct social and engagement activities with partners and clients to reinforce the organization’s purpose;
Conduct risk assessments (current and potential), identifying impacts to compliance and operations;
Develop, monitor and validate corrective and preventive action plans;
Monitor risks using indicators and targets;
Prepare management and executive reports with status and trend analysis.
Requirements
Proven experience in Governance, Risk, Compliance and Awareness;
Bachelor’s degree or postgraduate degree in Technology and Security;
ISO 27001 Lead Auditor certification or equivalent;
Experience with information security awareness campaigns, including remote and in-person presentations;
Practical experience in audits and interactions with regulatory bodies;
Knowledge of standards, laws and frameworks such as: LGPD, GDPR, NIST CSF, NIST SP 800-53, CIS Controls, PCI DSS, COBIT, ITIL, the ISO 27000 family, among others;
Experience with supplier risk assessments and continuity management (BCM/DRP);
Analytical profile with the ability to structure action plans;
Excellent communication, creativity and command of playful and educational language for trainings, activities and presentations;
Ability to provide consultative support across different areas and hierarchical levels;
English desirable.
Benefits
Referral bonus
Day off on your birthday
Annual profit-sharing (PLR), proportional and aligned with revenue targets