Role : Business Information Security Officer (BISO) Salary : Competitive package + equity Location : Rio de Janeiro, Brazil Summary Our client, a rapidly growing HealthTech Unicorn, is on a mission to humanise the healthcare experience for doctors, patients, and clinics through their digital product. A leader in 13 countries supporting millions of patients and doctors, our client is now turning their focus to the security team and seeking a crucial hire to support their growth. We are looking for a BISO to oversee and manage the information security and cybersecurity strategy and operations for the region. Reporting to the CISO sitting in a centralised security team, the BISO will be responsible for bringing the security initiatives and strategy from the group and implementing locally, whilst playing a key role in enhancing our overall security program by refining processes and optimizing tooling. Due to the stage of the security team and function, this role requires a blend of skills across GRC, ability to govern and influence, and SecOps, implementing advanced threat detection and mitigation strategies. Your ability to communicate complex risks and incidents clearly to stakeholders is crucial for maintaining transparency and building trust. Additionally, you will ensure compliance with industry standards and regulations, such as NIST, ISO 27001, and SOC 2 Type 2. Responsibilities: Perform daily alert investigation and incident response in both cloud-native and traditional environments Identify, scope, and manage ongoing incidents for our customers, developing remediation plans to improve security maturity Improve and maintain processes, tooling, documentation and training to mature and enhance cybersecurity incident response Design, implement and maintain monitoring systems Assist our development and operations teams on improving our log monitoring capabilities Threat intelligence Feeds Automation Tools and Technologies: Cloud-based environment AWS Datadog AWS WAF Infrastructure as Code, Terraform Kubernetes Requirements: 5+ years' security experience with strong SecOps knowledge across alert triage, investigation, and incident response Experience designing, building and maintaining monitoring and alerting systems from scratch Proficiency in managing the incident lifecycle with the ability to handle multiple work streams concurrently Strong understanding of secure software development practices, including knowledge of common vulnerabilities such as OWASP Top 10. Effective communication skills to articulate complex technical issues to diverse audiences (IT professionals, executives, business decision-makers) in a clear, authoritative, and actionable manner Experience in start-up/tech environment in a SaaS company Awareness of cybersecurity standards and regulations such as NIST, CIS, ISO 27001, and PCI DSS Nice to Have: Familiarity with scripting languages (Python, Bash…) and APIs A basic understanding of Forensic processes
