Mid-level Security Analyst, GRC Focus

Job not on LinkedIn

19 hours ago

Apply Now

Receive Emails with Similar Jobs

Cruzeiro do Sul Educacional S/A

WebsiteLinkedInAll Job Openings

Education • B2C

Cruzeiro do Sul Educacional S/A is a large Brazilian private education group with about 60 years of history that offers education from basic schooling through higher education, delivered both in-person and via distance learning. The company serves hundreds of thousands of students across multiple branded institutions, emphasizes student autonomy and protagonism, invests in pedagogical innovation and methodology development, and operates one of the largest distance-education networks in Brazil. It also engages in investor relations and ESG, employing thousands of faculty and staff to support its educational programs.

5001 - 10000 employees

Founded 1965

📚 Education

👥 B2C

📋 Description

• Work collaboratively in a team, share knowledge, contribute and grow with the team’s challenges, remaining innovative and resilient in day-to-day situations. • Participate in projects and committees, foster good relationships across departments, and communicate with clarity and transparency. • Operate with a 360° view across information and cyber security activities; participate in Privacy and Security projects and committees. • Contribute to the development of information security policies, processes, procedures, RFPs and RFIs. • Create and maintain policies, standards, processes and procedures for information and cyber security, as well as KPIs and continuous controls. • Serve as a point of reference and support for the team on market frameworks such as NIST/ISO27K/CIS/CSA, policies, standards, processes, audits, data protection and continuous controls. • Knowledge of and operational management experience with solutions such as DLP (Data Loss Prevention), Information Classification, Email Encryption and CASB (Cloud Access Security Broker) for data protection. • Lead the vendor assessment process for information and cyber security. • Drive the information security awareness program and conduct workshops across the company. • Engage in committees, squads and other forums to provide guidance on information security policies and practices based on frameworks such as ISO 27001, NIST, CIS, CSA; familiarity with GDPR and LGPD is a plus. • Work cross-functionally with incident response teams, participate in cyber exercises, cyber war games, CTFs and other team and partner activities. • Stay alert to emerging scenarios and current cyber threat trends.

🎯 Requirements

• Experience with frameworks such as MITRE ATT&CK, NIST, CIS, ISO 27001/27002 and CSA. • Experience in information security governance and with solutions such as DLP, Fortinet Firewall, Proxy, Zero Trust, IAM, PAM and CASB. Knowledge of Azure and GCP environments. • Knowledge in identifying potential vulnerabilities and incidents, and contributing to investigation and remediation efforts. • Experience with cyber hygiene activities, network security, operating systems and application security. • Certifications in data protection solutions and information/cybersecurity topics are a plus. • Possess certifications such as ECIH, GCIH, ISFS, PDPF/PDPP, COBIT, Security+, CDPSE, CIPP/CIPM. • Intermediate English. • Bachelor's degree related to Cybersecurity / Information Security (preferred).

🏖️ Benefits

• Health insurance • Dental insurance • Meal voucher • Pharmacy discount program • Total Pass (transportation benefit) • Tuition assistance (undergraduate or postgraduate) after 3 months of employment • Life insurance • Birthday day off