Staff Security Engineer, Risk & Compliance

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br .

As a Staff Security Engineer, you’re expected to:

• Assess security gaps within the organization, in different technologies and business
• contexts, enabling risk treatment and designing action plans as necessary;
• Develop and implement policies and procedures related to information securit and risk management;
• Support compliance with regulatory requirements related to security and privacy
• providing visibility and technical guidance on strategies for compliance and possible
• trade-offs based on risk;
• Collaborate with cross-functional teams to understand the business requirements, and
• translate them into technical specifications;
• Define guidelines and best practices on risk management and business security matters that empower Nubankers to perform their work efficiently and securely;
• Work in a multidisciplinary and global team, interacting with teams mainly in Brazil,
• Mexico, and Colombia;
• Proven experience in designing and implementing security controls;
• Familiarity with different domains and concepts of cyber security;
• Strong inclination towards data-driven decision-making.

• Experience with large-scale distributed environments;
• Analysis of existing business processes and identify potential risks related to information security;
• Experience with risk analysis techniques like risk identification, assessment and prioritization and qualitative and quantitative risk assessment techniques is needed;
• Advanced understanding of cybersecurity principles, risk management frameworks (such as NIST, Cybersecurity Framework, NIST SP 800-30, FAIR, ISO 27001, ISO 27002, ISO 27005, ISO 31000 or COSO);
• Demonstrated expertise in regulatory frameworks applicable to information security and cyber risk management in the financial sector across Brazil, Mexico, and Colombia. This includes, but is not limited to:
• Mexico: CNBV cybersecurity guidelines, regulatory circulars on operational risk and technological resilience, and compliance expectations set by Banxico.
• Colombia: SFC (Superintendencia Financiera de Colombia) regulations related to technology risk, including Circular Externa 007 and guidelines for cybersecurity governance and incident reporting.
• Ability to map and interpret cross-country requirements, translate them into actionable controls, and advise on compliance strategies in a fast-paced, tech-driven financial environment essential.
• Parking partnership - discounted parking in our office
• Free bike parking with showers available
• NuCare - Our mental health and wellness assistance program
• Extended maternity and paternity Leaves
• Child care allowance
• Onsite Health Center - Medical support for every Nubanker in our office

Diversity & Inclusion

At Nubank, we want to be sure that we're building a more diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as enriching elements to our company while ensuring neither of them represent a barrier when recruiting fantastic talent.

*

indicates a required field

First Name *

Last Name *

Preferred First Name

Email *

Phone

Resume/CV

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

Enter manually

Accepted file types: pdf, doc, docx, txt, rtf

LinkedIn Profile *

Website

Location * Select...

Select...

Do you have a strong background in cybersecurity, including cloud and application security, and can you effectively evaluate and identify cyber risks? * Select...

Have you had experience managing a team or acting in a leadership role, potentially as a champion for other individual contributors, even if it was not a direct reporting relationship? * Select...

Are you experienced with the three lines of defense in IT security risk management, and can you effectively communicate and implement company methodologies to various teams, including those focused on cloud security and infrastructure? * Select...

Do you possess a strong understanding of cybersecurity principles and risk management frameworks, such as NIST, ISO 27001, ISO 31000, and can you apply risk analysis techniques for both qualitative and quantitative assessments? * Select...

Have you worked with cross-functional and global teams, particularly in Brazil, Mexico, and Colombia, to translate business requirements into technical specifications and inform on compliance strategies? * Select...