- Participate in our PCI-DSS program
- Maintain our Data Mapping, Retention and Security Classification
- Change Control
- Maintain Incident Response support documentation
- Execute our Third-Party Vendor Management (TPVM) process
- Maintain our Disaster Recovery (DR) plan
- Execute our Security Awareness program
- Maintain our SDLC (Software Development Life Cycle) documentation
- Keep our Information Technology and Information Security Policies up to date
- Maintain our Access Matrix

What We Need You to Have:
- Experience and strong working knowledge of IT Governance, Risk and Compliance (GRC); more than 3 years is desirable
- In-depth familiarity with frameworks such as SOX/RFP, SOC (SSAE16), PCI-DSS, ISO/IEC 27001, COBIT, NIST and/or others
- The ability to develop and maintain policies, procedures, guides and best practices
- The capacity to drive adoption of policies and procedures across the Company, without slowing us down!
- Experience with Data Privacy and Protection regulations and laws like GDPR and LGPD
- Excellent written and spoken English communication skills. Spanish is desirable but not mandatory.