Business Information Security Officer

Sao Paulo, Brazil

Job Description:

LATAM GIS BISO is currently looking for a BISO to join the Latin America Business GIS team in Brazil. The Information Security Officer will be a member of the Business Information Security Officer's (BISO) organization and work closely with the line of business Chief Information Officers (CIOs)/Chief Technology Officers (CTOs). In this role, the successful candidate will be supporting the Brazil franchise to develop a deep understanding of the business in order to have specialized information security risk-based discussions. This relationship will ensure a focus on the right risk priorities and provide guidance on information security topics, policies, controls, and regulatory-driven requirements.

Responsibilities:

  • Serve as an Information Security subject matter expert and participate in the development, implementation, and maintenance of information security for the line of business (LOB).
  • Advise LOB management on risk issues related to information security and recommend actions in support of the bank's wider risk management and compliance programs.
  • Monitor information security trends internal and external to the bank and keep LOB leadership informed about information security-related topics.
  • Collaborate with risk partners on critical information security priorities.
  • Support internal, external, and regulatory audit-related deliverables and action plans.
  • Work on regulatory requirements, including being able to deliver on requirements needed for the CMN 4,893 and CVM 35 regulations.
  • Provide close tracking and technical support for Enhanced Remediation Program (ERP) efforts.
  • Support leading the regional awareness program according to local needs.
  • Interface with global programs such as Third-Party Information Security Assessment (TPIS), ADSF, etc. to support local/regional initiatives.
  • Provide key local support on the end-to-end Identity and Access Management process, including taking action whenever needed.
  • Operate as a liaison both internally and externally (e.g. banking associations).
  • Drive required risk culture and partnership with peer technology teams and supported LOB.
  • Participate in senior LOB specific Risk Management, Business Continuity and Control Functions activities.
  • Manage quality control and reporting. Identify and measure global information security (GIS) controls on most critical business processes or channels.
  • Support the triage process with the client and help them understand the GIS support structure.
  • Participate in key CIO operating routines to drive information security risk strategy.

Core skills and requirements:

  • Bachelor's and/or Master's degree in Computer Science, Information Technology or related field desirable.
  • 10+ years’ experience in Information Security & Technology, preferably having banking / financial institutions background.
  • 5+ years of risk management experience with proven ability to effectively apply risk principles to challenging business situations.
  • Strong application development and/or application security background, with solid knowledge of the SDLC from design, testing and deployment to post-production, and of the different risk elements associated with each step.
  • Subject matter expertise in application security, vulnerability testing and development of risk appetite.
  • Experience evaluating cyber security controls and providing guidance for platform or distributed computing platforms (Cloud, PaaS).
  • Deep knowledge of local information and cybersecurity regulatory requirements (e.g. CVM 4,893 and CVM 35) and experience with their implementation. Experienced understanding of LGPD and GDPR, in addition to key local market initiatives such as Open Banking and PIX.
  • Highly desirable: accredited Information Security certification(s) such as CISSP, CISM, CRISC, CISA.
  • Exceptional executive presentation and communication skills.
  • Excellent influencing and problem resolution skills.
  • High collaboration mindset, i.e. local, regional, and global teamwork. Capacity to work on operational, tactical, and executive topics simultaneously, for the country and as a key supporter for the LATAM region.
  • Ability to be comfortable delivering messages across a wide spectrum of individuals having varying degrees of technical understanding.
  • Strong leadership skills and qualities which enable you to work with peers and various levels of management.
  • Organization, high accountability mindset, and discipline to work with little supervision towards an expected high number of routines (e.g. meetings and e-mail communication).
  • Fluent English and Portuguese required. Spanish desirable.

Job Band:

H5

Hours Per Week:

40

Referral Bonus Amount:

0

Full time

JR-22001238

Talent Acquisition Contact:

Juliana Sales
