[Job - 22124] Senior GRC Security Specialist, Brazil

Remote: Full Remote

Offer summary

Qualifications:

  • Bachelor’s degree in Computer Science, Information Security, or a related field.
  • Strong understanding of GRC frameworks, industry standards, and regulatory requirements.
  • Experience in GRC, compliance, or related roles, particularly in the medical device industry.
  • Excellent analytical, communication, and problem-solving skills.

Key responsibilities:

  • Lead and execute third-party risk assessments to ensure compliance with internal and external standards.
  • Maintain and enhance the cybersecurity control framework, identifying gaps and ensuring adherence to regulations.
  • Create and maintain cybersecurity-related policies and procedures, ensuring compliance with documentation standards.
  • Support audit readiness efforts by providing necessary documentation and evidence to external auditors.

CI&T (http://www.ciandt.com), 5001 - 10000 employees

Job description

We are tech transformation specialists, uniting human expertise with AI to create scalable tech solutions.
With over 6,500 CI&Ters around the world, we’ve built partnerships with more than 1,000 clients during our 30 years of history. Artificial Intelligence is our reality.

The GRC Security Analyst will play a key role in maintaining and enhancing our Governance, Risk, and Compliance program while ensuring adherence to industry standards and regulatory requirements in the medical device sector. This position requires a detail-oriented and proactive individual with a strong understanding of security governance/compliance practices.

Key Responsibilities:
Third-Party Risk Assessments:
- Lead and execute third-party risk assessments annually, ensuring alignment with internal risk standards and external compliance requirements.
Cybersecurity Controls Monitoring:
- Maintain and enhance the cybersecurity control framework by:
• Mapping existing controls
• Collecting evidence of execution
• Identifying gaps or nonconformities
• Aligning overlapping requirements under a unified structure
- Ensure adherence to frameworks such as HITRUST, HIPAA, and the Spanish ENS certification.
Enterprise Risk Management:
- Continuously identify, log, and analyze:
• Control nonconformities
• Unresolved/high-risk vulnerabilities across different sources
- Maintain the Risk Registry.
- Deliver timely risk treatment updates and reports to stakeholders.
Policies and Procedures Development:
- Create and maintain cybersecurity-related policies and procedures.
- Ensure documentation complies with regulatory and contractual standards.
Audit Support:
- Serve as a key contributor in audit readiness efforts.
- Ensure all cybersecurity processes, controls, and documentation meet external auditors' expectations.
- Support audit engagements by providing evidence and clarification as needed.

Required Skills and Qualifications:
- Conducting risk assessments, identifying potential vulnerabilities, and recommending mitigation strategies for medical device operations.
- Collaborating with cross-functional teams to ensure effective communication and implementation of GRC policies, procedures, and controls.
- Leading efforts to maintain and update GRC-related documentation, including risk assessments, policies, and procedures.
- Participating in internal and external audits, providing necessary support and documentation to demonstrate compliance.
- Strong understanding of GRC frameworks, industry standards, and regulatory requirements.
- Excellent analytical skills and attention to detail.
- Ability to work independently and within cross-functional teams.
- Excellent communication skills, with the ability to collaborate with both technical and non-technical stakeholders.
- Strong problem-solving skills, capable of making informed decisions under pressure.
- Fluent English skills.
- Proven track record working with U.S.-based companies.
- Bachelor’s degree in Computer Science, Information Security, or related field.
- Experience in GRC, compliance, or related roles.
- Experience in the medical device industry.
- Familiarity with compliance standards such as:
• FDA regulations
• HIPAA
• ISO
• NIST cybersecurity framework
- Relevant certifications (a plus, not required):
• CISSP
• CISA
• CRISC
• Or equivalent

Our benefits:

- Health and dental insurance
- Meal and food allowance
- Childcare assistance
- Extended paternity leave
- Wellhub (Gympass)
- TotalPass
- Profit-sharing (PLR)
- Life insurance
- CI&T University
- Discount club
- Free online platform dedicated to physical, mental, and overall well-being
- Pregnancy and responsible parenting course
- Partnerships with online learning platforms
- Language learning platform
And many more!
More details about our benefits here: https://ciandt.com/br/pt-br/carreiras

Collaboration is our superpower, diversity unites us, and excellence is our standard.
We value diverse identities and life experiences, fostering a diverse, inclusive, and safe work environment. We encourage applications from diverse and underrepresented groups to our job positions.

Required profile

Spoken language(s): English

Other Skills

  • Collaboration
  • Communication
  • Analytical Skills
  • Problem Solving
  • Teamwork
  • Detail Oriented