Grupo QuintoAndar | CyberSecurity Governance & Risk Specialist
Join us to apply for the CyberSecurity Governance & Risk Specialist role at QuintoAndar .
About QuintoAndar
QuintoAndar was born to do something very rewarding: open doors. We integrate technology into everyday living, simplifying and reducing bureaucracy for those seeking a new home. We are the most valuable proptech in Latin America, leading the real estate market across six countries and over 75 cities globally.
Our journey into international markets began with the acquisition of Grupo Navent, ranked number 1 in Mexico (Inmuebles24), Argentina (Zonaprop), Peru (Adondevivir & Urbania), and Ecuador (Plusvalia). Recently, we launched Benvi in Mexico, our international brand offering residential rental services.
We provide an end-to-end ecosystem that makes renting, buying, selling, and transacting seamless, transparent, and fast, with minimal paperwork and excellent human support. Valued at over $5.1 billion as of August 2021, we continue to grow fourfold annually, driven by over 4,000 talented professionals working with cutting-edge technology in an innovative, collaborative, high-performance environment.
Learn more about us at quintoandar.group/en .
About Grupo QuintoAndar
We are Latin America's largest real estate ecosystem, dedicated to helping people love where they live. Our diverse portfolio covers all stages of the living experience, leveraging technology and innovation to transform the industry.
Working at QuintoAndar
* Opportunities for learning
* Collaborative environment with best practices and tools
* Informal, horizontal organizational structure
* High-impact projects affecting thousands of lives
Location & Remote Work
Our tech team operates on a 'remote-first' basis, allowing you to work from anywhere in Brazil, with options for office work in São Paulo or Campinas, or coworking spaces up to twice a week.
Language
This role requires proficiency in English for communication with international colleagues and suppliers, as well as for internal tools and materials.
Selection Process
Our process lasts approximately 30-40 days, including:
* Application & CV review
* Recruiter interview
* Technical assessment
* Interviews with engineering team
* Offer stage
Responsibilities
* Develop and update policies, processes, and procedures for information security, aligned with frameworks like NIST and standards such as ISO 27001
* Manage and improve the Third-Party Risk Management Program (TPRM), assessing cybersecurity risks of vendors and suppliers
* Implement and monitor the Information Security Risk Management Program, tracking risks and performance indicators
* Analyze, validate, and report on security risks, including identification, prioritization, and monitoring
* Ensure the effectiveness of risk management initiatives and maintain risk registers
* Coordinate internal and external security audits, ensuring regulatory compliance
* Plan and execute the Information Security Awareness Program
* Act as a liaison across departments regarding Security Risk Management processes
Minimum Requirements
* 7+ years of experience in cybersecurity risk management, compliance, governance, and third-party risk management
* Knowledge of crisis management and business continuity planning (BCP/DRP)
* Experience with Information Security frameworks (NIST, ISO 27001)
* Proven track record in designing and managing TPRM programs
* Strong understanding of information security concepts, threats, and trends
* Expertise in risk analysis techniques, including qualitative and quantitative assessments
* Familiarity with GRC tools and security technologies
* Proficiency in English and Portuguese
Additional Notes
Our hiring process emphasizes candidate engagement. We review all applications thoroughly and provide feedback, regardless of the outcome. Ensure your application reflects your genuine interest.
All communication will be via email; please whitelist our domain to avoid missing updates.
#J-18808-Ljbffr