Cybersecurity, Governance & Risk Specialist

Summary

Join QuintoAndar, Latin America's largest real estate ecosystem, as an Information Security Risk Management professional. You will develop and maintain information security policies, processes, and procedures, overseeing the third-party risk management program. Responsibilities include risk assessment, monitoring, reporting, and conducting security awareness programs. The role requires extensive experience in cybersecurity risk management, compliance, and governance. QuintoAndar offers a competitive salary and benefits package, including health and dental plans, life insurance, and extended parental leave. The technology team operates on a remote-first model, with flexible work options in Brazil.

Requirements

• Proven experience in cybersecurity risk management, compliance, governance, and third-party risk management (7+ years)
• Knowledge in crisis management and business continuity (BCP/DRP)
• Knowledge and previous implementation of Information Security frameworks/standards(such as NIST and ISO 27001)
• Experience designing, implementing, and managing TPRM programs
• Knowledge of the main concepts of Information Security, as well as being up to date with threats and trends in this topic
• Experience with risk analysis techniques, such as identification, assessment and prioritization of risks and qualitative and quantitative risk assessment techniques
• Being familiar with a GRC tools and security technologies
• Proficient communication in English and Portuguese

Responsibilities

• Develop and update Policies, Processes and Procedures related to Information Security processes (in line with Risk Frameworks such as NIST and best practices such as ISO 27001)
• Oversee and enhance the Third-Party Risk Management Program (TPRM), including assessing and monitoring cybersecurity risks associated with vendors and suppliers
• Develop and conduct the information Security Risk Management Program, by monitoring risks and performance indicators
• Perform analysis, validation and reporting on Security Information risks (related to identification, prioritization, treatment and monitoring)
• Monitor the effectiveness of Risk Management initiatives and update risk registers
• Coordinate internal and external security audits, ensuring compliance with regulatory requirements
• Plan and conduct the Information Security Awareness Program
• Act as a liaison between different departments within Grupo QuintoAndar regarding the Security Information Risk Management process

Benefits

• Competitive salary package
• Bonus
• Meal allowance ("Flash benefícios")
• Health plan
• Dental plan (optional)
• Life insurance
• Daycare subsidy
• Subsidy to sports practicing (Wellhub)
• Extended maternity and paternity leave
• Reserved room for breast-feeding
• Discount on our parking lot
• Language learning support
• Free transfer from Vila Madalena and Fradique Coutinho stations to the office
• Free bike rack in our parking lot