
Security Risk Associate (336)

Remote: Full Remote
Experience: Mid-level (2-5 years)

Offer summary

Qualifications:

  • Advanced/fluent English skills
  • Strong background in information security governance, risk, and compliance
  • Knowledge of SOC 2 Type II and ISO 27001
  • Experience with vendor risk management
  • Certifications like CISSP or CISA are a plus

Key responsibilities:

  • Evaluate third-party vendors and applications
  • Manage Business Continuity Program and Disaster Recovery processes
  • Coordinate risk assessments and compliance activities
  • Update security policies and procedures
  • Collaborate with business units to mitigate security risks
Ubiminds: You, International. Scaleup https://www.ubiminds.com/
51 - 200 Employees

Job description

Info on the Security Risk Associate role
Want to get to the next step in your international career? We can support you!

Ubiminds is a GPTW certified, people-first company that partners with American software product companies to scale their development footprint. Ubi custom-curates Brazilian top 5% talent for their LATAM strategy, offering a unique combo of staff augmentation and employer-of-record services.

Ubiminds is assisting a global rating agency established to restore trust in credit ratings and offer accurate and transparent ratings.

Challenge
As a Security Risk Associate, you will work with the Senior Security Risk Manager to ensure that the Governance, Risk, and Compliance functions of the client's Information Security program meet overall security policies and standards and protect the client's information and systems. You will be involved in all GRC activities, be a driving force behind managing our BCP, Disaster Recovery, and Vendor Management programs, update and restructure our policies and procedures, and enhance risk management processes.

What you'll do
• Collaborate with the security team and business leads to evaluate third-party vendors, applications, and services organization-wide as part of vendor management.
• Identify strengths and areas for improvement in organizational security posture and risk management acceptance.
• Improve security vendor management procedures.
• Serve as a key contact for identifying security risks, raising awareness, and coordinating risk reduction plans with IT, legal, and business units.
• Coordinate third-party assessments, ensuring vendors are properly evaluated, and respond to client questionnaires.
• Manage the Business Continuity Program (BCP), keeping Business Impact Analysis (BIA) documents maintained and the program updated and tested regularly.
• Oversee the Disaster Recovery Program, ensuring systems and processes are documented and tested regularly.
• Ensure Information Security policies and procedures are complete, pragmatic, and up to date.
• Conduct compliance and risk activities, including yearly gap analysis against security frameworks and maintaining the risk register.
• Engage with the business to align risk appetite with operational reality.
• Collaborate with the client’s business, developers, and IT teams to solve problems, escalate issues, and provide exceptional customer service.

In order to succeed in this position, you will need:

Mandatory skills
• Advanced/fluent English skills – Excellent written and verbal communication skills.
• Strong background in information security governance, risk, and compliance.
• Knowledge and hands-on experience with tabletop exercises.
• Performed risk and compliance assessments, including vendor risk assessments.
• Participated in customer audits.
• Knowledge of SOC 2 Type II framework, GLBA, NIST CSF, and ISO 27001 requirements.
• Knowledge of ESMA, FCA, and SEC requirements related to cybersecurity and operational resilience (DORA).
• Belong to an industry group (ISSA, ISACA, Infragard, SANS, FS-ISAC, etc.).
• Knowledge of security architecture, cloud security, and understanding of technical architecture conversations.
• Written security policies, standards, and procedures for security operations and the organization.
• Detail-oriented and skilled at creating documentation.

Nice to have
• Certifications: CISSP, GSEC, CISA, CRISC
• Have more than 3 years of direct hands-on experience within the information security and risk management field.

Non-technical skills
• Strong communication skills to collaborate with business and customers.
• Ability to work independently and on cross-business team projects.
• Written security policies, standards, and procedures experience.
• Stakeholder management and influencing skills.
• Autonomy and self-drive.
• Belong to an industry group to stay updated on threats and risks.

About Ubiminds
Our Culture
People First. We are all about people!
Challenge yourself. There’s always room for improvement and continuous improvement is in our essence.
Make it happen. Be ready to take challenges as they come. It’s all about attitude and commitment.
We’re in this together. We work as a team, thrive as a team, and evolve as a team.
Averaging on awesome. We work hard to deliver high-quality services and look forward to exceeding expectations.
Keep it real. We promise you honesty, transparency, and openness, regardless of the situation.

Perks and Benefits
As Security Risk Associate @Ubiminds, you:
- Are placed in a product-based company, with the same treatment as their full-time employees.
- Have our full back-office support, from career guidance to HR and concierge services.
- Enjoy our remote-first policy – we are a distributed team, after all.
- Get your own MacBook (none of that "bring your own device" stuff here).
- Have access to growth opportunities with other amazing technology professionals, through tech talks, chapter meetings, and even remote happy hours for tons of fun!
- Improve your English through free lessons with a native English speaker - get to the next level on your communication skills!
- Candidate Referral bonus (promote Ubi to your tech friends, and get paid for it!)
- Miss working in the office? Our cool Florianópolis headquarters is available, whenever you want, with weekly quick massages & tasty snacks, soft drinks, and games

How our process works
1. Interview with Tech Recruiter (chat about the job opening and your experiences)
2. Client process (this may vary)
3. Offer (yay)

Required profile

Experience

Level of experience: Mid-level (2-5 years)
Spoken language(s): English

Other Skills

  • Verbal Communication Skills
  • Organizational Skills
