[Job - 22124] Senior GRC Security Specialist, Brazil
Brazil
We are tech transformation specialists, uniting human expertise with AI to create scalable tech solutions. With over 6,500 CI&Ters around the world, we’ve built partnerships with more than 1,000 clients during our 30 years of history. Artificial Intelligence is our reality.
The GRC Security Analyst will play a key role in maintaining and enhancing our Governance, Risk, and Compliance program while ensuring adherence to industry standards and regulatory requirements in the medical device sector. This position requires a detail-oriented and proactive individual with a strong understanding of security governance/compliance practices.
Key Responsibilities:

Third-Party Risk Assessments:
- Lead and execute third-party risk assessments annually, ensuring alignment with internal risk standards and external compliance requirements.

Cybersecurity Controls Monitoring:
- Maintain and enhance the cybersecurity control framework by:
  • Mapping existing controls
  • Collecting evidence of execution
  • Identifying gaps or nonconformities
  • Aligning overlapping requirements under a unified structure
- Ensure adherence to frameworks such as HITRUST, HIPAA, Spain ENS certification.

Enterprise Risk Management:
- Continuously identify, log, and analyze:
  • Control nonconformities
  • Unresolved/high-risk vulnerabilities across different sources
- Maintain the Risk Registry.
- Deliver timely risk treatment updates and reports to stakeholders.

Policies and Procedures Development:
- Create and maintain cybersecurity-related policies and procedures.
- Ensure documentation complies with regulatory and contractual standards.

Audit Support:
- Serve as a key contributor in audit readiness efforts.
- Ensure all cybersecurity processes, controls, and documentation meet external auditors' expectations.
- Support audit engagements by providing evidence and clarification as needed.
Required Skills and Qualifications:
- Conducting risk assessments, identifying potential vulnerabilities, and recommending mitigation strategies for medical device operations.
- Collaborating with cross-functional teams to ensure effective communication and implementation of GRC policies, procedures, and controls.
- Leading efforts to maintain and update GRC-related documentation, including risk assessments, policies, and procedures.
- Participating in internal and external audits, providing necessary support and documentation to demonstrate compliance.
- Strong understanding of GRC frameworks, industry standards, and regulatory requirements.
- Excellent analytical skills and attention to detail.
- Ability to work independently and within cross-functional teams.
- Excellent communication skills, with the ability to collaborate with both technical and non-technical stakeholders.
- Strong problem-solving skills, capable of making informed decisions under pressure.
- Fluent English skills.
- Proven track record working with U.S.-based companies.
- Bachelor’s degree in Computer Science, Information Security, or related field.
- Experience in GRC, compliance, or related roles.
- Experience in the medical device industry.
- Familiarity with compliance standards such as:
  • FDA regulations
  • HIPAA
  • ISO
  • NIST cybersecurity framework
- Relevant certifications (a plus, not required):
  • CISSP
  • CISA
  • CRISC
  • Or equivalent
Our benefits:
- Health and dental insurance
- Meal and food allowance
- Childcare assistance
- Extended paternity leave
- Wellhub (Gympass)
- TotalPass
- Profit-sharing (PLR)
- Life insurance
- CI&T University
- Discount club
- Free online platform dedicated to physical, mental, and overall well-being
- Pregnancy and responsible parenting course
- Partnerships with online learning platforms
- Language learning platform

And many more!

More details about our benefits here: https://ciandt.com/br/pt-br/carreiras
Collaboration is our superpower, diversity unites us, and excellence is our standard. We value diverse identities and life experiences, fostering a diverse, inclusive, and safe work environment. We encourage applications from diverse and underrepresented groups to our job positions.
Category: Compliance Jobs
Tags: Artificial Intelligence, Audits, CISA, CISSP, Compliance, Computer Science, CRISC, Governance, HIPAA, HITRUST, Monitoring, NIST, Risk assessment, Risk management, Vulnerabilities
Perks/benefits: Career development, Fitness / gym, Health care, Medical leave
Region: South America
Country: Brazil