Security Governance Specialist
RecargaPay is the Super App that simplifies everyday payments for consumers and SMEs in Brazil.
The platform streamlines payments for over 6 million Brazilians by consolidating credit and debit cards, instant payments like Pix, and Open Finance, on a mission to democratize mobile payments and financial services in Brazil.
Featuring services such as bill payments, mobile top-ups, public transportation, installment plans, and loans, designed with convenience, low cost and flexibility in mind. RecargaPay is changing the way both banked and unbanked Brazilians make their everyday payments and access their financial services.
As Security Governance Specialist reporting to our Head of Cyber Security, we expect you to become an important member of our team, to help us focus on PCI certification activities, BACEN regulations, processes, controls, among other control issues.
Your responsibilities are as follows:
● Creation of Standards, Policies and Procedures;
● Follow-up on the implementation of Security action plans;
● Audit demands;
● Process Design (AS IS and TO BE);
● Review of Policies and Procedures based on best business practices COBIT, ITIL, ISO 27001
and regulatory requirements LGPD;
● Review and change of Process, sub-process, elaboration of RACI matrix and controls
defined according to Security requirements;
● Evaluate controls, related to effectiveness, providing recommendations, action plans and
● Periodic preventive tests on design and operation controls, in order to update risks and
● Act as focal point for internal and external audits;
● Management of Information Security indicators.
● Graduate or undergraduate degree related to IT or IS;
● Great writing skills (for documentations and executive presentations), verbal communication (talking and negotiating with other teams), ease in producing visual presentations, and organization;
● Experience in auditing or assessment ISO27001, ISO27701 NIST, CIS;
● Experience in drafting policies, procedures, standards and other documents related to IS governance;
● Experience in Cyber and IT risk management;
● Intermediate knowledge of Information Security and IT processes (ITIL, COBIT).
Desirable Experience (Differential)
● Possess certifications: ITIL or COBIT or ISO27001 or ISO27002 or EXIN PRIVACY (PDPE or PDPF), DPO, Continuity.
● Have worked in a financial company;
● Ease of handling adherence/Compliance (relevant to Security) issues based on industry standards, legal issues or industry regulations (PCI-DSS, LGPD, CIS, ISO, NIST, BaCen/SFN and the like);
● Knowledge of data visualization tools (knowledge of PowerBI or Google Data Studio will be considered a plus);
● Recognized administrative/technical certifications in Security (CISSP, 27002 or similar) are not mandatory, but will be evaluated as a differential according to the candidate's profile;
● Spanish will be a plus.
- Medical and Dental assistance without co-participation;
- Life insurance;
- Flexible Meal voucher - Flash;
- Home office assistance - monthly deposit in the RecargaPay app for personal use;
- Spanish classes;
- Educational partnerships;
- Discount in Universities for Undergraduate, Graduate and MBA courses;
- Anywhere office - work from wherever you want.
Diversity & Inclusion
Diversity is part of our DNA and we are in constant search for representativeness and evolution. We believe that our employees should be who they are, and that is what makes them unique in their roles - regardless of gender, religion, disabilities, LGBTQI+, ethnicity, generations and different experiences. And we are looking for people who are authentic and free to co-create a more inclusive and innovative company and society. Does it sound like you?
The use of your Data
The candidate, when sending the curriculum with personal and professional data to participate in RecargaPay's recruitment and selection process, is aware that the data will be used for the necessary analysis and validations throughout the recruitment process and for hiring, if necessary, as well as authorizes RecargaPay to share the curriculum data with other companies in the RecargaPay group in case opportunities arise in line with the candidate's profile.
In compliance with Law 13.709 / 18, LGPD - General Data Protection Law, the candidate may ask for the updating, rectification and modification of his information during the recruitment and selection process, or, still, request the non-use of the data under the terms applicable law.