Leading strategic initiatives in Information Security Governance and Compliance at Creditas. Developing policies and managing risk assessment processes to ensure organizational security compliance.
Responsibilities
This role is responsible for leading and executing strategic Governance, Risk and Compliance (GRC) initiatives in Information Security, acting as a focal point to ensure compliance with industry best practices and regulations. This professional will:
Develop corporate and technical documentation (Policies and Standards) ensuring compliance with ISO 27001 and other relevant standards.
Perform critical reviews of security-related documentation, identifying improvements and ensuring accuracy and compliance.
Implement controls based on information security, risk management and compliance frameworks and standards.
Conduct the information security risk assessment process, from identification and analysis to mitigation and continuous monitoring.
Support the Privacy team with technical measures to ensure compliance with data protection laws, adjusting IT processes as required.
Interface with business areas to seek improvements and enhancements in security awareness program activities.
Implement security awareness programs for all employees, promoting an information security culture.
Develop and implement information security controls and processes aimed at continuous service improvement.
Prepare and maintain tactical and operational reports and metrics.
Support assessment and application of existing controls to new projects and supplier onboarding, ensuring required controls are met.
Design and validate evaluation, testing and audit strategies and adherence to policies and standards.
Organize Information Security committees.
Coordinate audit deliverables with the Information Security teams.
Participate in internal and external audits to ensure regulatory compliance.
Manage the audit non-conformity (findings) lifecycle, from identification to implementation of corrective actions.
Requirements
Bachelor's degree in Computer Science, Systems Analysis, Information Technology, Information Security, Information Systems and/or related areas.
Knowledge of IT technologies to liaise with business areas and technical teams, ensuring security policies are understood and effectively implemented.
Knowledge and experience in audit and governance processes.
Experience developing and implementing Information Security plans, policies and standards.
Knowledge of the application of frameworks such as: NIST, ISO 27001 and 27002, SOC.
Familiarity with COBIT, ITIL, OWASP, CIS, CMMI, LGPD, GDPR.
Excellent verbal and written communication skills.
Organizational skills to ensure quality and meet deadlines.
Negotiation, collaboration and teamwork skills to interact with business areas and other technical teams, promoting solutions that align security and business objectives.
Ability to influence and lead initiatives, acting as an evangelist for information security culture within the organization.
Availability for hybrid work: required to attend our office in the Morumbi area of São Paulo once a month for 4 consecutive days, usually in the last or first week of the month (Creditas in Person).
Benefits
Health Plan (Alice)
Dental Plan (SulAmérica)
Wellz: 100% free therapy sessions
Wellhub: access to gyms and studios
Creditas Endurance: high-impact sports incentive program
Pharmacy agreement (Univers)
Life Insurance (Porto Seguro)
Birthday day off
Extended parental leave: 6 months for birth parents and 35 days for non-birth parents
Family Care: support program for maternity and paternity