Senior Analyst in Information Governance at Porto, aligning information security (SI) strategy with organizational goals. Managing risks, compliance, and audit findings in information security.
Responsibilities
Manage information security (SI) risks and non-compliance;
Review and monitor risk action plans established by the lines of defense;
Manage audit findings (internal and external) and information security cyber risks, discussing action plans to remediate risks at their root cause;
Assess regulatory risks related to information security;
Integrate topics addressed in SI risk management with Information Security domains;
Facilitate the Information Security Risk committee to support decision-making and optimize risk treatment by information security management;
Define, track progress, and provide visibility of KRIs (Key Risk Indicators);
Monitor and perform control tests on risk causes through periodic checks, flagging process deviations that may affect the current risk level and notifying stakeholders to implement action plans;
Drive continuous improvement of processes involving information security risks;
Provide visibility of information security risks identified in business verticals and coordinate the necessary alignments so these risks are recorded by the second line of defense;
Prepare executive reports and presentations for management, translating risk results into business language;
Act as the focal point for process-related inquiries;
Promote continuous improvement of processes involving information security risks.
Requirements
Bachelor's degree in Technology, IT Governance, Information Security, Cyber Risk, or IT Audit;
Knowledge and experience in information security, IT, cyber, cloud security, software development, vulnerability management and cyber threats, risk assessment, and systems auditing;
Ability to identify, assess, and quantify potential risks;
Knowledge of the requirements and impacts of SUSEP Circular No. 638/2021 and BACEN Resolution No. 4,893/2020;
Knowledge of other relevant laws, such as LGPD, GDPR, and cybersecurity in general;
Knowledge and experience applying major industry frameworks: ISF (Information Security Forum), NIST, CSA, PCI, ISO 27000 family, CIS, COBIT;
Experience in interactions with regulatory bodies;
Knowledge and/or experience implementing and using GRC tools;
Ability to work independently and as part of a team;
Strong communication skills;
Ability to manage security risks that may be introduced into the environment and to stay current with the evolving threat landscape;
Improve information security controls, seeking automated solutions to streamline processes;
Focus on continuous learning and collaboration between the technical and business teams involved in information security risk management.
Benefits
Flexible meal and food allowances;
Health plan;
Dental plan;
Wellhub and TotalPass;
Bio Ritmo gym exclusive for employees: at the Headquarters complex;
Profit sharing (PLR);
Share program: "Porto em Ação" — complementary to PLR until 2025;
Sand and multi-sport courts: at the Headquarters complex;
Transportation voucher;
Shuttle van services available from the main access stations to Porto (Luz, Barra Funda, Santa Cecília, and Júlio Prestes);
Extended parental leave: up to 40 days for all family configurations;
Extended maternity leave of 6 months;
Medical outpatient clinic with specialties: at Headquarters and Barra Funda;
Childcare or nanny allowance;
Life insurance;
Private pension plan — PortoPrev;
Discounts on products and services;
Education scholarship: reimbursement for undergraduate, postgraduate, or MBA courses;
Monthly race subsidies for major road races in São Paulo;
Language course reimbursement (English or Spanish);
Porto Theater: exclusive sessions for employees;
Library;
Rest room: at the Headquarters complex;
Game room: at the Headquarters complex;
Massage and podiatry services: at the Headquarters complex;
Work location: On-site (we operate hybrid models, which will be discussed during the recruitment process);
Job title
Senior Information Security Governance Analyst – GRC