About Nubank:
Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is one of the world’s largest digital banking platforms and technology-leading companies.


Today, Nubank is a global company with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.


About the role:
The role of the IT Risk Governance Specialist is to support building and implementing an IT Risk function in Mexico by executing the required activities to advance throughout the different maturity levels defined in the local IT Risk program across different functional objectives of its IT Risk Governance domain. This includes but is not limited to partnering with several multidisciplinary teams across the company to ensure compliance with regulatory IT Risk related requirements, developing and implementing tailored and integrated IT Risk processes, methodologies and guidelines for Mexico as necessary, and ensuring that the IT Risk practices remain observant to all pertinent clients and stakeholders in Mexico and other international IT Risk Teams.


Key Responsibilities:

  • Develop, document and socialize the required IT & Cybersecurity Risk Management processes, procedures and guidelines in Mexico in order to evolve the IT Risk function in this geography, and to support key compliance initiatives from the technology and cybersecurity risk management perspectives.  

  • Ensure that the business and Information Security teams in Mexico are preparing what is required from an IT Risk perspective to comply with domestic regulations (E.g., CNBV and Banxico regulations). This, through assessing new initiatives and existing IT & Cybersecurity practices, and isolating potential IT risks based on regulatory requirements, identifying liabilities and needs for a change, and developing and proposing action plans to manage any relevant risks identified.

  • Act as a Subject Matter Expert on IT Risk related activities, providing internal IT Risk advisory services in Mexico.

  • Identify the technology within the scope of SOX in Mexico, partner with other IT Risk teams in Nubank to define a roadmap for SOX IT General Controls Assessments for this geography, and execute it in order to achieve SOX compliance from the IT General Controls standpoint.

  • Design and implement measures to ensure IT Risk regulatory enforcement, scalability, overseeing controls in place periodically, identifying and requesting automation opportunities.

  • Assess best-in-breed industry-specific frameworks and plan the adoption of standards and practices to ensure maturity development in existing IT risk management processes.


Operational day-to-day:

  • Design from the ground up IT Risk procedures, technical manuals, methodologies, requirements, and other IT and cybersecurity risk management-related documentation, tailored to specific needs in Mexico and integrated with existing company-wide IT Risk management processes.
  • Collaborate with local teams to ensure their initiatives and existing practices are aligned with the existing IT Risk processes, procedures and practices. This includes engaging with product and engineering teams in Mexico to identify the technology supporting business processes in this region that can be used to prioritize the IT risk management efforts.
  • Engage with local business and information security teams to identify IT and cybersecurity compliance related risks and controls in place, advise on mitigations, and ensure any residual risk to the firm is understood and accepted by the appropriate stakeholders.
  • Review the design and effectiveness of IT and cybersecurity controls, and establish action plans with the appropriate involved parties recommendations to reduce loss exposure for relevant risks.
  • Create relevant materials to enable Risk forums and committees to provide decision-makers with the best possible information about loss exposure for IT systems and processes supporting the critical business and operations in Mexico, and options for dealing with material IT and cybersecurity risks.
  • Produce IT risk metrics, status reports and presentations for various audiences as needed.

Qualification Requirements:


Knowledge & Experience:

  • Minimum of 5 years of experience in cybersecurity or IT Risk Management
  • Bachelors’ degree in Computer Science, MIS business, or equivalent experience
  • Knowledge on IT and cybersecurity requirements of Mexican regulation applying to financial institutions (CNBV, Banxico), and SOX IT General Controls
  • In-depth knowledge of IT and cybersecurity risk management concepts, practices and methods
  • Strong knowledge of technology environments, including information security, identity and access management, and cloud-born environments
  • Experience in planning, organizing, and developing policies, procedures, and practices in a large environment
  • An advanced degree (e.g., MS with concentration in information systems) is a plus
  • An advanced degree (e.g., MS with concentration in information systems) is a plus
  • Certificates in information security or IT risk management (CISSP, CISA, CISM, CRISC, ISO27001 and/or other) is a plus
  • Experience developing governance and compliance reports to governing bodies, legal entities, and/or external authorities is a plus
  • Strong English and Spanish communication skills (both written and oral) are required



  • Communication and presentation
  • Systemic view and interconnections
  • Didactic and sociability
  • Critical analysis and organization
  • Articulation and negotiation
  • Project management



  • Exceptionally self-motivated, directed, and detail-oriented
  • Superior analytical, evaluative, and problem-solving abilities
  • Ability to motivate in a team-oriented, collaborative environment
  • Results oriented with the ability to work independently and as part of a team, managing multiple priorities with tight deadlines 
  • Trailblazer change experimenter, fast learner, and uncertainty embracer
  • Energized future thinker and challenger


Working Conditions:

  • Health, dental, and life insurance
  • Food Card
  • Chance of earning equity at Nubank
  • 15 days of paid vacation with 25% vacation bonus
  • Holiday Bonus ("Aguinaldo") of 30 days of pay per year
  • NuCare - Our mental health and wellness assistance program
  • NuLanguage - Our language learning program
  • Extended maternity and paternity Leaves


Diversity and Inclusion at Nubank

We want to have a product for everyone, and we build strong and diverse teams that rise to the challenge. We are a team of the most creative people in technology, and we hire under equal opportunity, irrespective of gender, ethnicity, religion, sexual orientation, or background. We are a very process-light organization that values human interactions, and that is an essential part of our culture. At Nubank, everyone has the opportunity to speak up and participate, grow, and share ideas.

Apply for this Job

* Required

resume chosen  
(File types: pdf, doc, docx, txt, rtf)

Demographic Information

To ensure we are continually building a more diverse and inclusive workplace, we hire based on the principle of equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as enriching components to our company while ensuring neither of them represent a barrier when recruiting.

We ask you to please share some additional information about yourself so we can leverage recruitment efforts – it’s completely optional. Filling this demographic form will not affect your hiring process in any way. For more information, please check out our Candidate Privacy Policy in Portuguese, Spanish, or English.

1. Gender Identification: please indicate which of these gender identities best describe you, to the extent you feel comfortable: (Select one)

2. Race/Skin Color: please select the option that best describes your race/skin color, to the extent you feel comfortable: (Select one)

3. Sexual Orientation: please indicate which of these sexual orientation best describe you, to the extent you feel comfortable: (Select one)

4. Disability: please indicate if you are a person with a disability, to the extent you feel comfortable: (Select one)

5. If you are a person with a disability, would you like to disclose what kind of disability you have?