About Nubank:
Nubank was founded in 2013 to free people from a bureaucratic, slow, and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is one of the world’s largest digital banking platforms and technology-leading companies.
Today, Nubank is a global company with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br

About the team:
IT Risk Team is part of the Risk Management Tribe at Nubank, responsible for identifying and managing technology and information security risks across information technology systems, including microservices, and processes. IT Risk Management consists in helping the business to identify threats and vulnerabilities in order to mitigate information technology risks that could materialize and negatively impact data confidentiality, integrity, and availability.
About the role:
In the role of the IT Risk Senior Analyst, you will be in charge of playing a crucial part in ensuring the security, compliance, and overall risk management of our organization's information technology systems, including microservices, and processes. As a senior IT Risk member and part of the second line of defense, you will be responsible for working in partnership with Business Units, leading risk assessment initiatives, implementing risk mitigation strategies, and collaborating with cross-functional and multidisciplinary teams across to maintain a robust IT Risk management framework.

Key Responsibilities:

• Conduct comprehensive risk assessments across various IT domains, identifying potential vulnerabilities, threats, and impacts. Analyze risks to determine their significance and develop insights for senior management.
• Develop and implement effective risk mitigation strategies that align with business objectives and regulatory requirements (E.g., for BCB: Res. 85 and 4893, and for Investments: CVM 035, CVM 021, and PQO). Collaborate with relevant stakeholders to ensure the successful execution of risk management initiatives.
• Monitor regulatory changes and industry best practices to ensure the organization's IT risk management practices remain compliant. Assist in the development and enforcement of IT risk management policies and procedures.
• Collaborate with incident response teams to develop plans for handling and recovering from IT security incidents. Participate in post-incident analysis and recommend improvements to prevent future occurrences.
• Communicate complex IT risk issues and solutions to both technical and non-technical stakeholders. Prepare metrics, reports, and updates for senior management and executive leadership.
• Drive continuous improvement in IT risk management processes. Identify opportunities to enhance existing procedures, tools, and methodologies to adapt to evolving risk landscapes.
• Provide guidance and mentorship to junior members of the IT risk team. Assist in their professional development by sharing expertise and knowledge.

Qualification Requirements:

• Minimum of 5 years relevant experience in cybersecurity or IT Risk Management, with a focus on risk assessment, analysis, and mitigation.
• Bachelor's degree in Information Security, Computer Science, or a related field. Master's degrees or relevant certifications (e.g., CISA, CISSP, CRISC, and/or other) are pluses.
• In-depth understanding of information security principles, risk frameworks, and regulatory compliance (e.g., NIST, LGPD, ISO 27001).
• Analytical and problem-solving skills, with the ability to translate complex technical information into clear business insights.
• Strong knowledge of technology environments, including information security, identity and access management, and cloud-born environments (e.g.: AWS and GCP).
• Advanced English communication skills, both written and verbal.

Benefits:

• Health, dental, and life insurance
• Meal allowance
• Transportation assistance
• 30 days of paid vacation
• Chance of earning equity at Nubank
• Parking partnership - discounted parking in our office
• Free bike parking with showers available
• NuCare - Our mental health and wellness assistance program
• NuLanguage - Our language learning program
• Gympass partnership
• Extended maternity and paternity Leaves
• Child care allowance
• ‘Espaço Feijão’- Private nursing and breastfeeding spaces in our buildings
• Onsite Health Center - Medical support for every Nubanker in our office

Diversity and Inclusion at Nubank
We want to have a product for everyone, and we build strong and diverse teams that rise to the challenge. We are a team of the most creative people in technology, and we hire with equal opportunity, irrespective of gender, ethnicity, religion, sexual orientation, or background. We are a very process-light organization that values human interactions, and that is an essential part of our culture.

At Nubank, everyone has the opportunity to speak up and participate, grow, and share ideas.