Remote Security Risk Associate

Ubiminds: You, International.

📍Remote - Brazil

Job highlights

Summary

Join Ubiminds as a Security Risk Associate to work with the Senior Security Risk Manager in ensuring the Governance, Risk, and Compliance functions of the client's Information Security program meet overall security policies and standards. As a key contact for identifying security risks, you will raise awareness and coordinate risk reduction plans with IT, legal, and business units.

Requirements

  • Advanced/fluent English skills – Excellent written and verbal communication skills
  • Strong background in information security governance, risk, and compliance
  • Knowledge and hands-on experience with tabletop exercises
  • Performed risk and compliance assessments, including vendor risk assessments
  • Participated in customer audits
  • Knowledge of SOC 2 Type II framework, GLBA, NIST CSF, and ISO 27001 requirements
  • Knowledge of ESMA, FCA, and SEC requirements related to cybersecurity and operational resilience (DORA)
  • Membership in an industry group (ISSA, ISACA, Infragard, SANS, FS-ISAC, etc.)
  • Knowledge of security architecture, cloud security, and understanding of technical architecture conversations
  • Experience writing security policies, standards, and procedures for security operations and the organization
  • Detail-oriented and skilled at creating documentation

Responsibilities

  • Collaborate with the security team and business leads to evaluate third-party vendors, applications, and services organization-wide as part of vendor management
  • Identify strengths and areas for improvement in organizational security posture and risk management acceptance
  • Improve security vendor management procedures
  • Serve as a key contact for identifying security risks, raising awareness, and coordinating risk reduction plans with IT, legal, and business units
  • Coordinate third-party assessments, ensuring vendors are properly evaluated, and respond to client questionnaires
  • Manage the Business Continuity Program (BCP), keeping Business Impact Analysis (BIA) documents maintained and the program updated and tested regularly
  • Oversee the Disaster Recovery Program, ensuring systems and processes are documented and tested regularly
  • Ensure Information Security policies and procedures are complete, pragmatic, and up to date
  • Conduct compliance and risk activities, including yearly gap analysis against security frameworks and maintaining the risk register
  • Engage with the business to align risk appetite with operational reality
  • Collaborate with the client’s business, developers, and IT teams to solve problems, escalate issues, and provide exceptional customer service

Preferred Qualifications

  • Certifications: CISSP, GSEC, CISA, CRISC
  • Have more than 3 years of direct hands-on experience within the information security and risk management field

Benefits

  • Are placed in a product-based company, with the same treatment as their full-time employees
  • Have our full back-office support, from career guidance to HR and concierge services
  • Enjoy our remote-first policy – we are a distributed team, after all
  • Get your own MacBook (none of that 'bring your own device' stuff here)
  • Have access to growth opportunities with other amazing technology professionals, through tech talks, chapter meetings, and even remote happy hours for tons of fun!
  • Improve your English through free lessons with a native English speaker - get to the next level on your communication skills!
  • Candidate Referral bonus (promote Ubi to your tech friends, and get paid for it!)
  • Miss working in the office? Our cool Florianópolis headquarters is available, whenever you want, with weekly quick massages & tasty snacks, soft drinks, and games
