[Job-28859] Senior GRC Security Specialist, Brazil

 

Hi There, This is Laura from CI&T!

 

I am a Talent Attracting Analyst looking for people located in Brazil for a Senior GRC Security Analyst to join our team. The GRC Security Analyst will play a key role in maintaining and enhancing our Cybersecurity Risk Management Process while ensuring adherence to industry standards and regulatory requirements in the medical device sector. This position requires a detail-oriented and proactive individual.

 

 

- Enterprise Cybersecurity Risk Management: Continuously identify, log, and analyze control nonconformities and unresolved/high-risk vulnerabilities across different sources. Maintain the Risk Registry and deliver timely risk treatment updates and reports to stakeholders.

- Third-party Cybersecurity Risk Assessments: Executed annually, ensuring alignment with internal risk standards and external compliance requirements.

- Cybersecurity Controls Management: Maintain and enhance the cybersecurity control framework by mapping existing controls, collecting evidence of execution, identifying gaps or nonconformities, and aligning overlapping requirements under a unified structure. Ensure adherence to frameworks such as HITRUST, HIPAA, Spain ENS certification.

- Policies and Procedures Development: Create and maintain cybersecurity-related policies and procedures. Ensure documentation complies with regulatory and contractual standards.

 

 

- Excellent communication skills, with the ability to collaborate effectively with technical and non-technical stakeholders.

-Strong years of experience in GRC, Cyber Risk Management, or related roles.

- Strong analytical and problem-solving skills, with the ability to make informed decisions in high-pressure situations.

- Conduct cybersecurity risk assessments, identify potential vulnerabilities, and recommend strategies to mitigate risks.

- Collaborate with cross-functional teams to ensure that GRC policies, procedures, and controls are effectively communicated and implemented.

- Lead efforts to maintain and update documentation related to GRC processes, including risk assessments, policies, and procedures.

- Participate in internal and external audits, providing support and documentation as needed to demonstrate compliance.

- Strong understanding of GRC frameworks, industry standards, and regulatory requirements.

- Excellent analytical skills, attention to detail, and the ability to work independently and in cross-functional teams.

 

-Threat Intelligence Experience or KnowHow.
-Proven track record of working for companies based in the United States.
-Bachelor’s degree in Computer Science, Information Security, or a related field.
-Experience in the medical device industry.
-Familiarity with compliance standards such as FDA regulations, HIPAA, ISO, and NIST cybersecurity framework.
-Relevant certifications such as CISSP, CISA, CRISC or equivalent a plus but not required.

 

We are looking forward to receiving your application and working together to drive our success.

 

 

#LI-LO1

 

 

Hi There, This is Laura from CI&T!

 

I am a Talent Attracting Analyst looking for people located in Brazil for a Senior GRC Security Analyst to join our team. The GRC Security Analyst will play a key role in maintaining and enhancing our Cybersecurity Risk Management Process while ensuring adherence to industry standards and regulatory requirements in the medical device sector. This position requires a detail-oriented and proactive individual.

 

 

- Enterprise Cybersecurity Risk Management: Continuously identify, log, and analyze control nonconformities and unresolved/high-risk vulnerabilities across different sources. Maintain the Risk Registry and deliver timely risk treatment updates and reports to stakeholders.

- Third-party Cybersecurity Risk Assessments: Executed annually, ensuring alignment with internal risk standards and external compliance requirements.

- Cybersecurity Controls Management: Maintain and enhance the cybersecurity control framework by mapping existing controls, collecting evidence of execution, identifying gaps or nonconformities, and aligning overlapping requirements under a unified structure. Ensure adherence to frameworks such as HITRUST, HIPAA, Spain ENS certification.

- Policies and Procedures Development: Create and maintain cybersecurity-related policies and procedures. Ensure documentation complies with regulatory and contractual standards.

 

 

- Excellent communication skills, with the ability to collaborate effectively with technical and non-technical stakeholders.

-Strong years of experience in GRC, Cyber Risk Management, or related roles.

- Strong analytical and problem-solving skills, with the ability to make informed decisions in high-pressure situations.

- Conduct cybersecurity risk assessments, identify potential vulnerabilities, and recommend strategies to mitigate risks.

- Collaborate with cross-functional teams to ensure that GRC policies, procedures, and controls are effectively communicated and implemented.

- Lead efforts to maintain and update documentation related to GRC processes, including risk assessments, policies, and procedures.

- Participate in internal and external audits, providing support and documentation as needed to demonstrate compliance.

- Strong understanding of GRC frameworks, industry standards, and regulatory requirements.

- Excellent analytical skills, attention to detail, and the ability to work independently and in cross-functional teams.

 

-Threat Intelligence Experience or KnowHow.
-Proven track record of working for companies based in the United States.
-Bachelor’s degree in Computer Science, Information Security, or a related field.
-Experience in the medical device industry.
-Familiarity with compliance standards such as FDA regulations, HIPAA, ISO, and NIST cybersecurity framework.
-Relevant certifications such as CISSP, CISA, CRISC or equivalent a plus but not required.

 

We are looking forward to receiving your application and working together to drive our success.

 

 

#LI-LO1