BotCity is a pioneering hyperautomation platform backed by notable investors including Y Combinator and Softbank.
Specializing in RPA and AI, we provide advanced governance, orchestration, and developer tools to enable enterprises to scale their automation initiatives effectively.
With a philosophy that automation projects are software projects, we advocate a high-code approach, primarily using Python.
Serving over 1,000 companies across 73 countries, BotCity has established a strong global presence with implementation partners worldwide.
In 2024, we were celebrated on G2.com as one of the world's top 25 emerging platforms alongside industry giants like MidJourney, WhatsApp Business, and Slack.
Recognized by Endeavor as a ScaleUp in 2023, and growing at a double-digit monthly rate, our dynamic teams are located across Brazil, the US, and Europe.
The Information Security Analyst will be responsible for managing our security compliance initiatives across BotCity's teams to ensure our solutions meet the highest information security standards.
We are seeking a highly motivated professional with hands-on experience in general information security topics, excellent communication skills, the ability to handle customer inquiries, and an interest in establishing security processes and procedures.
This role will report to the VP of Engineering.
Responsibilities:
Complete and respond to customer security questionnaires, ensuring accurate and timely submissions.
Ensure company-wide adherence to security frameworks such as ISO 27001, SOC 2, GDPR, and others as needed.
Manage internal training sessions to ensure the entire team is aware, engaged, and compliant with information security policies.
Serve as the point of contact for security-related inquiries from clients, providing detailed responses based on internal security protocols and participating in meetings.
Maintain and update security documentation, including security policies, processes, and audit logs.
Collaborate with internal teams such as IT, Engineering, and Product to ensure security controls are implemented and maintained in alignment with regulatory requirements.
Assist in internal and external security audits by gathering and organizing required documentation and evidence.
Recommend and implement improvements to the organization's security posture based on customer feedback and audit outcomes working alongside the Engineering team.
Required Qualifications:
Degree in Information Security, Cybersecurity, Information Technology, or a related field.
Experience (3+ years) with cybersecurity/information security, focusing on security compliance, questionnaires, internal training, and audits.
Strong knowledge of security frameworks such as ISO 27001, SOC 2, NIST, and GDPR.
Experience responding to security audits and completing customer security checklists.
Familiarity with cloud provider technologies such as AWS, Azure, and GCP.
Knowledge of computer networks and firewalls.
Excellent written and verbal communication skills, with a keen attention to detail.
Ability to travel as needed and work flexible hours to support all events.
Experience working with MS Office/Excel, Google Suite, Notion, and Slack.
Preferred Qualifications:
Certifications such as CISSP, CISM, or CISA, or other specific certifications related to Cybersecurity, Information Security, AWS Associate.
Familiarity with SIEM and WAF tools (Security Information and Event Management, Web Application Firewall).
Hands-on experience with security compliance management tools such as Vanta, Drata, or OneTrust.
Experience working with Information Security in product-first companies.
Prior experience in an early-stage, high-growth, and fast-paced startup environment or technology companies.
Competitive compensation.
Paid time off (30 days per year).
100% remote and flexible hours.
Opportunity to work in a global team with teams in San Francisco and São Paulo.
#J-18808-Ljbffr