[Job-26068] Information Security Manager, Brazil

We are tech transformation specialists, uniting human expertise with AI to create scalable tech solutions. With over 8,000 CI&Ters around the world, we’ve built partnerships with more than 1,000 clients during our 30 years of history. Artificial Intelligence is our reality. Flow is the platform that integrates human and AI agents to boost productivity, quality, and security across the software development lifecycle. The Information Security area ensures that all products and operations are built with best-in-class security, compliance, and privacy practices by design, supporting global clients in their digital transformation journeys. Role Mission Lead the security strategy, governance, and operations of the CI&T Flow platform, ensuring compliance with international standards such as ISO 27001, NIST, LGPD, and SOX, while strengthening trust with CI&T’s enterprise customers. Act strategically alongside Product, Engineering, and Business teams, positioning security as a competitive advantage and an innovation enabler. Key Responsibilities Lead the information security strategy and Security by Design approach for the CI&T Flow platform. Define and evolve the security roadmap, prioritizing initiatives based on risk and business impact. Drive ISO 27001 implementation, maintenance, and audits, as well as other regulatory requirements. Partner with Product, Engineering, and Platform teams on architecture reviews, identifying risks and defining mitigation actions. Establish and oversee AI security governance, ensuring ethical use, traceability, and data protection in LLM-based solutions. Manage security vendors and services, including pentesting, SOC, compliance, and technical audits. Define and monitor security KPIs and KRIs, reporting progress and maturity to executive leadership. Lead incident response, vulnerability management, and continuous threat monitoring. Enable secure innovation through DevSecOps practices, automation, and security controls. Own security budget planning and prioritization. Support Sales, Legal, and Customer Success in security risk assessments and client communications. Represent the security function in executive and strategic forums, translating technical risks into business impact. Requirements for This Challenge Bachelor’s degree in Computer Science, Engineering, Information Security, or related fields. Desired certifications: CISSP, CISM, Security+, ISO 27001 Lead Implementer/Auditor, CCSK, AZ-500, or equivalent. Strong experience in SaaS application security, cloud environments (Azure and AWS), and secure architecture. Proven experience with ISO 27001 implementation, AI governance, and compliance with LGPD, GDPR, and SOX. Experience engaging with enterprise clients, with excellent technical and executive-level communication skills. Proven background in security budget management, contracts, and vendor management. Advanced English for global communication and collaboration.