Rio de Janeiro, São Paulo ou Recife
Corporation
CLT
Hybrid
Senior
Required training
Company Description
Finance
Job Description
Responsibilities: • Monitoring security telemetry data to detect and respond to unusual or suspicious activity. • Participate in cyber threat analysis efforts to identify potential vulnerabilities and recommend mitigating actions. • Conduct comprehensive security assessments by reviewing the results of vulnerability scans, penetration testing scans, and red/purple team assessments. • Assist in incident response efforts, including forensic examination of compromised systems and post-incident reviews. • Collaborate with IT teams to remediate security vulnerabilities and ensure adherence to best practices. • Stay current on the latest trends and advancements in information security, particularly those affecting the private equity and financial sectors. • Support reviewing, updating, and enforcing policies and procedures to ensure compliance with applicable standards and frameworks. • Together, with the Security Engineering team, research and assess the applicability of new/existing threats, and assist with implementing mitigation strategies. • Assist with implementing and monitoring security measures to protect technology assets. • Review information security tools and controls to ensure optimal efficiency and adherence to information security standards. • Assist with information security risk assessment to identify exposures, assess mitigating controls, and recommend/implement action plans to minimize risk. • Collaborate with IT to investigate, resolve, and respond to all information security incidents. • Monitor threat intelligence feeds and subscriptions for applicable threats to the firm. • Adhere to confidentiality policy, code of ethics, other firm policies/procedures, and compliance policies/procedures. Skills: • Professional security certification, such as a Security+ or other security-oriented certification. • A minimum of three years of experience in Information Security or IT experience, preferably in finance. • Strong knowledge of information security principles and practices, including risk assessment, vulnerability management, and incident response. • Knowledge of current regulatory frameworks and guidance, compliance, security, and best practices related to information assurance, finance industry, and information technology. • Intermediate knowledge of security platforms, threats, identity and access management, network segmentation, encryption, network traffic, and system hardening. • Knowledge of vendor-agnostic cloud security concepts. • Knowledge of information security and standards including, but not limited to, NIST CSF 2.0 and CIS Top 18. • Advanced English.
