Summary
Join QuintoAndar, Latin America's largest real estate ecosystem, as an Information Security Risk Management professional. You will develop and maintain information security policies, processes, and procedures, overseeing the third-party risk management program. Responsibilities include risk assessment, monitoring, reporting, and conducting security awareness programs. The role requires extensive experience in cybersecurity risk management, compliance, and governance. QuintoAndar offers a competitive salary and benefits package, including health and dental plans, life insurance, and extended parental leave. The technology team operates on a remote-first model, with flexible work options in Brazil.
Requirements
- Proven experience in cybersecurity risk management, compliance, governance, and third-party risk management (7+ years)
- Knowledge in crisis management and business continuity (BCP/DRP)
- Knowledge and previous implementation of Information Security frameworks/standards (such as NIST and ISO 27001)
- Experience designing, implementing, and managing TPRM programs
- Knowledge of the main concepts of Information Security, as well as being up to date with threats and trends in this topic
- Experience with risk analysis techniques, such as identification, assessment and prioritization of risks and qualitative and quantitative risk assessment techniques
- Being familiar with GRC tools and security technologies
- Proficient communication in English and Portuguese
Responsibilities
- Develop and update Policies, Processes and Procedures related to Information Security processes (in line with Risk Frameworks such as NIST and best practices such as ISO 27001)
- Oversee and enhance the Third-Party Risk Management Program (TPRM), including assessing and monitoring cybersecurity risks associated with vendors and suppliers
- Develop and conduct the Information Security Risk Management Program by monitoring risks and performance indicators
- Perform analysis, validation and reporting on Information Security risks (related to identification, prioritization, treatment and monitoring)
- Monitor the effectiveness of Risk Management initiatives and update risk registers
- Coordinate internal and external security audits, ensuring compliance with regulatory requirements
- Plan and conduct the Information Security Awareness Program
- Act as a liaison between different departments within Grupo QuintoAndar regarding the Information Security Risk Management process
Benefits
- Competitive salary package
- Bonus
- Meal allowance ("Flash benefícios")
- Health plan
- Dental plan (optional)
- Life insurance
- Daycare subsidy
- Subsidy for sports activities (Wellhub)
- Extended maternity and paternity leave
- Reserved room for breast-feeding
- Discount on our parking lot
- Language learning support
- Free transfer from Vila Madalena and Fradique Coutinho stations to the office
- Free bike rack in our parking lot