IT Risk Senior Analyst

Location: São Paulo, SP, Brazil

Conduct comprehensive risk assessments across various IT domains, identifying potential vulnerabilities, threats, and impacts. Analyze risks to determine their significance and develop insights for senior management.
Develop and implement effective risk mitigation strategies that align with business objectives and regulatory requirements (e.g., for BCB: Res. 85 and 4893, and for Investments: CVM 035, CVM 021, and PQO).
Collaborate with relevant stakeholders to ensure the successful execution of risk management initiatives.
Monitor regulatory changes and industry best practices to ensure IT risk management practices remain compliant.
Collaborate with incident response teams to develop plans for handling and recovering from IT security incidents. Participate in post-incident analysis and recommend improvements to prevent future occurrences.
Communicate complex IT risk issues and solutions to both technical and non-technical stakeholders. Prepare metrics, reports, and updates for senior management and executive leadership.
Drive continuous improvement in IT risk management processes. Identify opportunities to enhance existing procedures, tools, and methodologies to adapt to evolving risk landscapes.
Provide guidance and mentorship to junior members of the IT risk team. Assist in their professional development by sharing expertise and knowledge.

Minimum of 5 years relevant experience in cybersecurity or IT Risk Management, with a focus on risk assessment, analysis, and mitigation. Bachelor’s degree in Information Security, Computer Science, or a related field. Master’s degrees or relevant certifications (e.g., CISA, CISSP, CRISC) are pluses.
In-depth understanding of information security principles, risk frameworks, and regulatory compliance (e.g., NIST, LGPD, ISO 27001).
Analytical and problem-solving skills, with the ability to translate complex technical information into clear business insights.
Strong knowledge of technology environments, including information security, identity and access management, and cloud-born environments (e.g., AWS and GCP).
Advanced English communication skills, both written and verbal.