Grupo QuintoAndar | GRC, CyberSecurity Specialist
QuintoAndar was born to do something very rewarding: open doors.
We opened doors for technology to be part of living.
And, through it, we simplify and reduce the bureaucracy of the experience of those looking for a new home.
Thus, we became the most valuable proptech in Latin America, leading the real estate market in around six countries and more than 75 cities around the globe.
To make all this happen, we have more than 4,000 talented people, working with cutting-edge technology and best design practices to ensure a seamless experience throughout the sales and rental process, combined with smart financial products.
Here you will work with the best professionals in the market, in an environment that breathes innovation, collaboration and high performance.
About working at QuintoAndar:
Possibility of learning;
Opportunity to work in a team that seeks to use the best practices and tools in the market;
Work in an informal environment with a horizontal structure;
Being part of a team working on a high-impact project that affects the lives of thousands of people.
Location & Remote Work
Our technology team works on the "remote-first" model, which means we are working from home with the possibility of living anywhere in Brazil.
We also have the option of using QuintoAndar's offices in São Paulo and Campinas or using partner coworking spaces, both up to twice a week.
Stages of the Selection Process
Our selection process currently lasts an average of 30-40 days, from application to completion of the assessment.
Going through:
Application & CV Screening
Interview with Recruiter
Interviews with Engineering Team
Offer
About the Area and Responsibilities
Develop and update Policies, Processes and Procedures related to Information Security processes (in line with Risk Frameworks such as NIST and best practices such as ISO 27001);
Oversee and enhance the Third-Party Risk Management Program (TPRM), including assessing and monitoring cybersecurity risks associated with vendors and suppliers.
Develop and conduct the information Security Risk Management Program, by monitoring risks and performance indicators;
Perform analysis, validation and reporting on Security Information risks (related to identification, prioritization , treatment and monitoring);
Monitor the effectiveness of Risk Management initiatives and update risk registers;
Coordinate internal and external security audits, ensuring compliance with regulatory requirements;
Plan and conduct the Information Security Awareness Program;
Act as a liaison between different departments within Grupo QuintoAndar regarding the Security Information Risk Management process.
Requirements
Proven experience in cybersecurity risk management, compliance, governance, and third-party risk management (7+ years);
Knowledge and previous implementation of Information Security frameworks/standards (such as NIST and ISO 27001);
Experience designing, implementing, and managing TPRM programs;
Knowledge of the main concepts of Information Security, as well as being up to date with threats and trends in this topic;
Experience with risk analysis techniques, such as identification, assessment and prioritization of risks and qualitative and quantitative risk assessment techniques;
Being familiar with GRC tools and security technologies;
Proficient communication in English and Portuguese;
Important:
Our selection process starts with the application!
If you are truly interested in joining our team, make sure to put in extra effort at this stage.
We review all candidates individually and provide feedback even to those who do not proceed in the process;
All communication is done via email, so be attentive to our messages and whitelist the @quintoandar.com.br domain to prevent our emails from going to spam.
Diversity & Inclusion at QuintoAndar
At QuintoAndar, we believe diversity of perspectives and experiences guarantee a differentiated work environment, based on respect and valuing differences.
Feel free to declare the information on the registration form.
This information helps us create an increasingly inclusive environment and it is used only for this purpose, it is confidential, and it will not impact your performance throughout the hiring process.
Privacy and Data Protection
In order to apply for one of our jobs roles, we will need to collect some of your personal data necessary for us to review your application and to contact you.
All data processed is confidential and will be stored in a secure place for the time necessary to fulfill its purposes, with appropriate technical and administrative measures being adopted to protect your information.
#J-18808-Ljbffr