Information Security GRC Analyst — Compliance and Audit

Job not on LinkedIn

🔥 3 minutes ago

Apply Now

Find Similar Remote Jobs

Receive Emails For Remote Jobs

📊 Check your resume score for this job

Improve your chances of getting an interview by checking your resume score before you apply.

Upload Resume

ASAAS

WebsiteLinkedInAll Job Openings

501 - 1000 employees

Founded 2010

🥽 AR/VR

📱 Media

🛍️ eCommerce

AR/VR • Media • eCommerce

ASAAS is a leading producer of 360° virtual tours in virtual reality. The company specializes in creating customized virtual tours, utilizing advanced technologies, including 360° video, drone technology, and interactive features, to enhance business visibility and engagement. With a commitment to quality and customer satisfaction, ASAAS offers immersive experiences for various industries, including schools, hotels, museums, and healthcare facilities, and aims to elevate online presence through innovative virtual solutions.

📋 Description

• Support the maintenance and evolution of the ISMS (ISO 27001) and PCI-DSS, including controls, Statement of Applicability (SoA) and documentation • Ensure compliance and monitor cloud security posture, acting consultatively with Engineering and Infrastructure teams prior to formal audit cycles • Support M&A activities by conducting security assessments of acquired companies and designing plans to raise their security maturity • Create, review and maintain Information Security policies, standards and procedures • Support sustainment of compliance programs (ISO 27001/27002, SOC 2 Type II, PCI DSS and SOX) • Support the execution of internal audits and follow up on external audits, organizing evidence and responding to requests • Monitor security controls and technical/regulatory action plans (including requirements from Bacen (Brazilian Central Bank) and PCI) with the responsible areas • Organize and maintain audit evidence and operational effectiveness testing of controls • Support the preparation of reports, compliance indicators (KPIs) and risk status updates for committees and executive boards.

🎯 Requirements

• Previous professional experience in the financial sector (e.g., fintechs) • Prior experience in Information Security, GRC, Compliance or IT Audit • Experience with Bacen resolutions and regulatory requirements • Practical experience in cloud security and posture monitoring (Cloud Security / CSPM) • Knowledge of cloud security principles based on industry frameworks (e.g., ISO 27017) • Practical knowledge of ISO 27001/27002 and fundamentals of audit and risk management • Hands-on experience with PCI DSS certification requirements • Understanding of IT processes and controls (access management, change management, vulnerability management, logging, backups) • Excellent communication and teaching ability to translate technical concepts for multiple stakeholders (from technical teams to executive committees)

🏖️ Benefits

• Medical and dental insurance with no co-payment • Life insurance • Allowance for medication purchases • Subsidy for physical activity • 4 free monthly sessions for therapy or nutritionist • Flexible meal allowance via a Visa credit card • Free food on-site at headquarters • Daycare assistance • Parental support program • Extended maternity and paternity leave • In-company training platform • Education assistance subsidizing 70% of tuition for degrees and language courses, and for purchasing courses and books • Home Office allowance • Work equipment provided • Furniture allowance • Partnerships with coworking spaces • Day Off during birthday month • Happy Hour allowance • Referral bonus for new hires • Bonus based on annual targets • Stock Options plan • Casual, relaxed work environment (no dress code)