Nu was born in 2013 with the mission to fight complexity to empower people in their daily lives by reinventing financial services. We are one of the world’s largest digital banking platforms, serving millions of customers across Brazil, Mexico, and Colombia. For more information, visit our institutional page https://international.nubank.com.br/careers/
As an IT Risk Specialist, you will play a pivotal role in safeguarding the security, compliance, and risk management of Nubank's technology systems, including microservices and key processes. You will also serve as a subject matter expert in the technology and cybersecurity landscape, guiding the organization through complex challenges and eventually presenting them in Forums and Risk Committees. Additionally, you will lead critical risk assessment initiatives, propose effective mitigation strategies, collaborate with cross-functional teams to maintain a strong and resilient IT risk management framework, assist the team in complex situations and decision-making, and structure key risk indicators to be followed by risk areas.
Conduct comprehensive risk assessments across various IT domains, identifying potential vulnerabilities, threats, and impacts. Analyze risks to determine their significance and develop insights for senior management.
Monitor regulatory changes and industry best practices to ensure the organization's IT risk management practices remain compliant. Assist in the development and enforcement of IT risk management policies and procedures.
Collaborate with incident response teams to develop plans for handling and recovering from IT security incidents. Participate in post-incident analysis and recommend improvements to prevent future occurrences.
Communicate complex IT risk issues and solutions to both technical and non-technical stakeholders. Prepare metrics, reports, and updates for senior management and executive leadership.
Drive continuous improvement in IT risk management processes. Identify opportunities to enhance existing procedures, tools, and methodologies to adapt to evolving risk landscapes.
Provide guidance and mentorship to junior members of the IT risk team. Assist in their professional development by sharing expertise and knowledge.
Strong knowledge of technology environments, including information security, identity and access management, cloud-born environments (e.g., AWS and GCP), container and serverless security (e.g., EKS, GKE, Lambdas), and microservices messaging communication (e.g., Kafka).
Strong ability to translate technical terms into business and executive language, adapting communication for various audiences.
Advanced English communication skills, both written and verbal, are essential.
Bachelor's degree in Information Security, Computer Science, or a related field.
Master's degrees or relevant certifications (e.g., Security Plus, CISA, CISSP, CRISC, and/or other) are pluses.
In-depth understanding of information security principles, risk frameworks, and regulatory compliance (e.g., NIST, LGPD, ISO 27001).
Our work model is hybrid, with cycles that can range from two to three months according to the business of expertise. For every eight or twelve weeks of remote work, one week will be at the office.