KEY RESPONSABILITIES Design and Implement the risk management and internal control framework defined by the Group within the organization including identifying, analyzing, evaluating, mitigating and monitoring of risks. Develop and implement internal controls together with the appointed stakeholders in accordance with global policies and guidelines. Assist and Implement the Guidelines and Policies endorsed by Group to embed into the organization. Manage, coach, support control, risk and process owners. Promote integrity and strong risk culture and awareness within the organization. Identify potential areas of risk, compliance and control weaknesses; develop/ implement corrective action plans to resolve problematic issues, and provide general guidance on how to avoid or deal with similar situations in the future; Assist and monitor the development and implementation of internal control improvements; Monitor changes in business processes, information systems, management and operations, and coordinate with operations to ensure mitigation of control risks; Initiate and coordinate with internal and external assurance providers for evaluating the effectiveness of controls and ensure remediation of identified weaknesses Engage with stakeholders, including management and internal stakeholders, to facilitate appropriate initiatives to coordinate compliance approaches Assist with any other requirements determined by management to support the business Provide risk advisory services to business/functions. Participate in the risk assessment of technology focus areas where effectiveness of controls requires improvements develop report to address risk observed and present to stakeholders Participate in the review of technology, information, cyber risk related regulatory and legal guidelines. Keep abreast of new technologies and related risks, regulatory requirements for technology and information security and industry trends. JOB REQUIREMENTS Bachelor's degree in Networking, Engineering (Computer/Telecommunication), Computer Science, Information Technology or a related field. Minimum 3 years relevant experiences in Information Security and IT Security. English - Intermediate level (Written & Spoken) Experience in implementation and management of Information Security risk. Knowledge in organization risk, network / application / database / hardware security background in multiple server OS environments and proficiencies. Basic knowledge in system and network such as routers, routings, firewall, proxies, servers, etc. Infrastructure knowledge covering server and network. Conceptual skills including qualitative and quantitative methods for risk management and experience with risk management and internal control frameworks (e.g. COSO, ISO, COBIT) Process-oriented and problem-solving attitude as well as strong organizational skills and hands-on mentality. Strong and effective communication, presentation, project management and social skills Ability to function effectively in a dynamic, fast paced environment. Ability to work independently and take initiative. While cooperatively work with other internal departments, external service providers and a global team. Good written and communication skills with ability to interact and engage with stakeholders Attention to detail is important. Self-starter and able to work independently in a structured manner. Willing to work on-site on a daily basis in Campinas. Flexible and willing to travel.
