Information Security GRC Specialist

This position is posted by Jobgether on behalf of a partner company. We are currently looking for an Information Security GRC Specialist in Brazil.

This role provides a pivotal opportunity to shape and maintain an organization’s information security governance, risk, and compliance (GRC) program. You will oversee security policies, technical standards, and procedures while coordinating internal and external security assessments. The position demands both strategic oversight and hands‑on engagement with cross‑functional teams, ensuring alignment with regulatory and industry standards. You will identify, assess, and mitigate security risks while driving continuous improvement in compliance processes. Collaboration with technical, regulatory, and business teams is key, and the role emphasizes proactive, high‑quality, and automated approaches to GRC. Ideal candidates are analytical, detail‑oriented, and adept at translating technical findings into actionable business insights.

• Maintain, implement, and continuously improve the Information Security GRC program.
• Coordinate internal and external audits, compliance assessments, and maturity evaluations.
• Ensure adherence to regulatory, contractual, and industry information security standards.
• Collaborate with cross‑functional teams to embed security controls into technical and business processes.
• Conduct risk assessments, monitor control effectiveness, and recommend remediation strategies.
• Support adoption and consistent application of security policies, procedures, and technical standards.
• Leverage automation and Agile approaches to shift from manual compliance to integrated, continuous practices.
• Provide reporting, metrics, and insights to stakeholders and senior management.

• Minimum of 5 years in Information Security GRC roles.
• At least 3 years leading or coordinating internal compliance assessments, audits, or strategic maturity evaluations.
• Strong knowledge of information security frameworks (ISO/IEC 27000 series, COBIT, NIST SP 800-xx, NIST CSF, CIS).
• Experience with regulatory and cybersecurity requirements applicable to financial or fintech organizations.
• Proficiency in scripting, JSON/YAML configurations, command‑line tools, and basic automation.
• Ability to analyze data from logs to identify trends and derive actionable insights.
• Certified Information Systems Auditor (CISA) or equivalent credentials.
• Knowledge of AWS Cloud Infrastructure or AWS Certified Cloud Practitioner.
• Strong communication, collaboration, and stakeholder management skills.
• Detail‑oriented with a proactive and continuous learning mindset.
• Nice‑to‑have: ISO 27k Lead Auditor, CISSP, PMP certifications, cloud security best practices, Agile/PMI methodologies, and familiarity with GDPR or other international regulations.

• Remote‑first work environment with global collaboration.
• Unlimited paid time off through the Me Time program.
• Employee stock options and premium health, dental, and life insurance in multiple countries.
• Extended family leave (4 months for all parents, birthing or non‑birthing, and adoptive).
• Zero trading fees via internal crypto platforms.
• Monthly stipend for wellness, fitness, sports, learning, and entertainment activities.
• Opportunities for professional growth and to make a meaningful impact in information security and risk management.

We use an AI‑powered matching process to ensure your application is reviewed quickly, objectively, and fairly against the role’s core requirements. Our system identifies the top‑fitting candidates, and this shortlist is then shared directly with the hiring company. The final decision and next steps (interviews, assessments) are managed by their internal team.

We appreciate your interest and wish you the best!

Data Privacy Notice: By submitting your application, you acknowledge that Jobgether will process your personal data to evaluate your candidacy and share relevant information with the hiring employer. This processing is based on legitimate interest and pre‑contractual measures under applicable data protection laws (including GDPR). You may exercise your rights (access, rectification, erasure, objection) at any time.