Grupo QuintoAndar | CyberSecurity Governance & Risk SpecialistJoin us to apply for the CyberSecurity Governance & Risk Specialist role at QuintoAndar.About QuintoAndarQuintoAndar was born to do something very rewarding: open doors. We integrate technology into everyday living, simplifying and reducing bureaucracy for those seeking a new home. We are the most valuable proptech in Latin America, leading the real estate market across six countries and over 75 cities globally.Our journey into international markets began with the acquisition of Grupo Navent, ranked number 1 in Mexico (Inmuebles24), Argentina (Zonaprop), Peru (Adondevivir & Urbania), and Ecuador (Plusvalia). Recently, we launched Benvi in Mexico, our international brand offering residential rental services.We provide an end-to-end ecosystem that makes renting, buying, selling, and transacting seamless, transparent, and fast, with minimal paperwork and excellent human support. Valued at over $5.1 billion as of August 2021, we continue to grow fourfold annually, driven by over 4,000 talented professionals working with cutting-edge technology in an innovative, collaborative, high-performance environment.Learn more about us at quintoandar.group/en.About Grupo QuintoAndarWe are Latin America's largest real estate ecosystem, dedicated to helping people love where they live. Our diverse portfolio covers all stages of the living experience, leveraging technology and innovation to transform the industry.Working at QuintoAndarOpportunities for learningCollaborative environment with best practices and toolsInformal, horizontal organizational structureHigh-impact projects affecting thousands of livesLocation & Remote WorkOur tech team operates on a 'remote-first' basis, allowing you to work from anywhere in Brazil, with options for office work in São Paulo or Campinas, or coworking spaces up to twice a week.LanguageThis role requires proficiency in English for communication with international colleagues and suppliers, as well as for internal tools and materials.Selection ProcessOur process lasts approximately 30-40 days, including:Application & CV reviewRecruiter interviewTechnical assessmentInterviews with engineering teamOffer stageResponsibilitiesDevelop and update policies, processes, and procedures for information security, aligned with frameworks like NIST and standards such as ISO 27001Manage and improve the Third-Party Risk Management Program (TPRM), assessing cybersecurity risks of vendors and suppliersImplement and monitor the Information Security Risk Management Program, tracking risks and performance indicatorsAnalyze, validate, and report on security risks, including identification, prioritization, and monitoringEnsure the effectiveness of risk management initiatives and maintain risk registersCoordinate internal and external security audits, ensuring regulatory compliancePlan and execute the Information Security Awareness ProgramAct as a liaison across departments regarding Security Risk Management processesMinimum Requirements7+ years of experience in cybersecurity risk management, compliance, governance, and third-party risk managementKnowledge of crisis management and business continuity planning (BCP/DRP)Experience with Information Security frameworks (NIST, ISO 27001)Proven track record in designing and managing TPRM programsStrong understanding of information security concepts, threats, and trendsExpertise in risk analysis techniques, including qualitative and quantitative assessmentsFamiliarity with GRC tools and security technologiesProficiency in English and PortugueseAdditional NotesOur hiring process emphasizes candidate engagement. We review all applications thoroughly and provide feedback, regardless of the outcome. Ensure your application reflects your genuine interest.All communication will be via email; please whitelist our domain to avoid missing updates.
#J-18808-Ljbffr