Senior Security Governance and Risk Consultant

November 25

Apply Now

Receive Emails with Similar Jobs

Tenchi Security

WebsiteLinkedInAll Job Openings

Cybersecurity • Compliance • Enterprise

Tenchi Security is a cybersecurity company that specializes in third-party cyber risk management. Their unique solution, Zanshin, systematically reduces third and nth-party cyber risks by enhancing security postures through continuous monitoring and proactive remediation efforts. Recognized as a LinkedIn Top Startup in 2024, Tenchi Security focuses on building not just compliance but meaningful partnerships in cybersecurity, enabling both enterprises and their third-party vendors to collaboratively manage and mitigate risks.

51 - 200 employees

Founded 2019

🔒 Cybersecurity

📋 Compliance

🏢 Enterprise

💰 $3.3M Seed Round on 2021-10

📋 Description

• Lead the planning, execution, and delivery of security governance and risk management projects for clients across various industries; • Conduct security maturity assessments based on established frameworks (e.g., NIST CSF, CIS Controls, ISO/IEC 27001), and identify gaps, risks, and areas for improvement; • Design, implement, and maintain Information Security Management Systems (ISMS) in compliance with ISO 27001 or other relevant standards; • Develop and manage Information Security Master Plans (PDSI), aligning security strategy with business objectives; • Execute Third Party Cyber Risk Management (TPCRM) processes, including due diligence assessments, vendor risk scoring, and remediation planning; • Lead or support cybersecurity audits and regulatory compliance reviews (e.g., LGPD, GDPR, SOX); • Provide guidance and recommendations to clients on risk mitigation strategies, security policies, procedures, and controls; • Collaborate with cross-functional teams (Legal, IT, Compliance, Procurement, etc.) to embed security governance into broader business processes; • Conduct occasional on-site visits to clients or third parties as required by project needs; • Deliver executive-level reporting and presentations on risk posture, findings, and strategic recommendations; • Mentor junior consultants and support internal capability development within the GRC team; • Stay up to date with emerging threats, regulatory changes, and industry trends to continuously enhance client value and service delivery.

🎯 Requirements

• Deep understanding of **security frameworks**, **regulations**, and **cybersecurity compliance** requirements (e.g., NIST, CIS, ISO/IEC 27000); • Proven track record of leading and delivering **complex security projects** with direct client interaction; • Experience with **risk assessment tools and methodologies** is a plus; • Strong **analytical**, **organizational**, and **problem-solving** skills; • Excellent **interpersonal** and **communication** abilities, with the capability to convey complex topics in a clear and concise manner; • Certifications such as **CISSP**, **CISM**, **CRISC**, or similar are **strongly preferred**; • Comfortable working in **remote environments** while maintaining high engagement and collaboration with clients and teams. • Fluency in Portuguese and English.