Risk Specialist I – Information Security

Job not on LinkedIn

🔥 0 minutes ago

🗣️🇧🇷🇵🇹 Portuguese Required

Apply Now
Find Similar Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Logo of Grupo Boticário

Grupo Boticário

10,000+ employees

Founded 2010

💄 Beauty

🛒 Retail

🧘 Wellness

Beauty • Retail • Wellness

Grupo Boticário is a leading Brazilian beauty company founded in 1977 that emphasizes innovation in beauty solutions while promoting love and inclusivity. The company offers a diverse portfolio of beauty products, including skincare, makeup, and wellness items, while also championing entrepreneurship and social impact through its foundation and various initiatives. Grupo Boticário is recognized for its commitment to sustainability, accessibility, and high-quality products, making it one of the largest beauty platforms in Latin America.

📋 Description

• **Strategic Risk Partnership:** Map, identify, and model cyber and digital-origin corporate risk scenarios (such as data leaks, digital extortion, cyberattacks, and downtime) across the company's ecosystem, translating technical data into clear business-impact insights. • **Audit Orchestration:** Serve as the primary focal point and facilitator for internal and external audits. You will be the link between auditors and technology teams, constructively challenging findings, ensuring clarity of control objectives and validating that technical responses are robust. • **Maturity Advancement (NIST & CIS):** Conduct periodic assessments and manage the roadmap for Information Security maturity using the CIS Controls and NIST CSF frameworks to evaluate and raise the effectiveness of our technical controls. • **Action Plan Assurance (Remediation):** Support and guide technical teams in building effective action plans (APs), ensuring that proposed fixes address root causes and truly mitigate the issues identified in audits. • **PCI DSS Support:** Support the management, design, and effectiveness testing of controls related to PCI DSS certification, ensuring continuous compliance and the security of our transactional operations. • **Technological Resilience:** Actively collaborate in mapping discontinuity scenarios for critical environments, supporting decision-making that ensures business resilience and continuity based on technological criticality. • **Metrics and Awareness:** Operate GRC tools, review metrics, and create intelligent KRIs (Key Risk Indicators) to monitor the materialization of risks. In addition, you will support the dissemination of a risk and security culture across the company.

🎯 Requirements

• **Experience in Risk Management and GRC:** Solid experience in Information Security risk management, Technology, Technical Controls, or IT audit. • **Proficiency with Industry Frameworks:** Practical knowledge and application of global frameworks, mandatorily NIST CSF and CIS Controls. Familiarity with ISO standards (31000, 27001, 22301) and COBIT is a plus. • **Audit and Controls Background:** Experience supporting Technology audits, as well as designing, implementing, and testing the effectiveness of mitigating and compensating controls. • **Regulatory Knowledge of PCI:** Familiarity with the requirements, architecture, and sustaining processes for PCI DSS certification. • **Threat Modeling and Metrics:** Strategic capability to conduct structured risk analyses (qualitative and quantitative) and develop customized modeling by line of business. Technical ability to translate risk exposure into actionable GRC indicators (KPIs and KRIs) to support decision-making. • **Artificial Intelligence:** Knowledge of Artificial Intelligence and the ability to use AI tools to optimize and improve process efficiency is a plus. • **Communication and Diplomacy (Soft Skills):** Excellent corporate communication skills, with the ability to translate complex technical terms into business impacts for different audiences. A consultative, resilient profile with strong influence to negotiate timelines and solutions with Information Security and Technology teams. • **Business Perspective:** Mindset focused on understanding the company's value chain, viewing security as a driver of trust and business growth. • **Builder and Autonomous Profile:** Entrepreneurial mindset (ownership) to independently manage highly complex projects, driving high‑value results and developing scalable, efficient operations.

🏖️ Benefits

• Here, your **Health** is a priority • . Medical and dental plan • . Medication assistance • . Health allowance for family members • . Free psychotherapy sessions • . Telemedicine and second medical opinion • . Free flu vaccination • . Health care programs • **- To take care of your **Nutrition** • . Meal voucher or local restaurant card (depending on work model) • . Food allowance • . Holiday food allowance • **- **Ensuring Well-being and Quality of Life in all aspects of life** • . Gym and fitness studio plan • . Home office allowance (hybrid and remote work models) • . Pet health plan • . Birthday day off • . Up to 40% discount on our products • . Employee membership (agreements and partnerships, multi‑brand store, Total Pass gyms, courses and much more!) • . Travel and accommodation program • **- For the **Family**, our most precious asset • . Childcare assistance • . Child nutrition credit • . Babysitter allowance • . School supplies allowance • . Legal, psychological and social counseling • . Support for atypical parents • . Extended parental leave (180 days for mothers and 120 days for fathers) • **- **Mobility **for your on-site journey • . Commuter benefit and parking (hybrid and on-site models) • **- **Financial Security **for protection and peace of mind • . Life insurance • . Support in the event of parents' passing • . Private pension plan • . Payroll-deductible loans

Apply Now

Similar Jobs

🕒 3 days ago

Omie

1001 - 5000

☁️ SaaS

💳 Fintech

🛍️ eCommerce

Analista de Segurança da Informação developing secure applications and conducting penetration testing for Omie. Focused on web application security and API testing with detailed reporting on vulnerabilities.

🗣️🇧🇷🇵🇹 Portuguese Required

Node.js

PHP

Python

Go

🕒 4 days ago

Specialist in Endpoint Security managing and evolving corporate devices security systems with the company. Ensuring compliance and effective response to threats.

🗣️🇧🇷🇵🇹 Portuguese Required

Azure

Cloud

MacOS

Python

🕒 June 30

Cooperativa Central Ailos

1001 - 5000

💸 Finance

👥 B2C

Security Architect evaluating architectures for security solutions in Cloud and corporate systems. Collaborating with teams to maintain security best practices in technology projects.

🗣️🇧🇷🇵🇹 Portuguese Required

Cloud

🕒 June 30

Portobello Shop

1001 - 5000

🛒 Retail

🛍️ eCommerce

Technical specialist in information security operations for Portobello Shop, leading security strategies and team development.

🗣️🇧🇷🇵🇹 Portuguese Required

AWS

Azure

Cloud

Cyber Security

Firewalls

Linux

Open Source

Python

🕒 June 19

Dexco

10,000+ employees

👥 B2C

🛒 Retail

🤝 B2B

Analista Segurança da Informação Sênior ensuring security in corporate environments at Dexco. Handling incidents, vulnerabilities management, and security controls oversight.

🗣️🇧🇷🇵🇹 Portuguese Required

Cloud