IT Risk Senior Analyst
Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.
Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.
About the Role
The IT Risk Senior Analyst is a subject matter expert in IT and cybersecurity risk management who will be responsible for conducting risk assessments on IT and cybersecurity products, features and critical components of Nubank's ecosystem, implementing IT Risk control tests automations, for monitoring IT and cybersecurity incidents to identify potential systematic flaws and ensure that identified risks are properly controlled and mitigated. In this role, you will have contact with different technologies and will have the opportunity to develop your knowledge in the most cutting edge technology. You will also work closely with Infosec and Engineering teams while being mindful of business requirements.
- Conduct regular risk assessments on existing IT systems, applications (e.g., microservices, APIs, webapps, mobile apps, etc.) and telecommunications infrastructure to verify the sufficiency and effectiveness of the IT and cybersecurity controls in place, identify potential risks, and define action plans for risk mitigation.
- Perform risk assessments of third-party vendors such as SAAS, professional IT services, BPOs and external APIs to assess their security posture and ensure that proper controls to mitigate risks are in place.
- Execute technology risk assessments on new products & features according to the standard methodologies, policies and general practices of the firm.
- Provide subject matter expertise in IT and cybersecurity risk during the implementation of new IT systems, telecommunication infrastructure, and third-party services, as well as on major changes in existing technology supporting business products in Mexico.
- Monitor IT and cybersecurity incidents to identify potential systematic flaws that require improvements on the IT control environment. Analize incident information and other available documentation about associated existing processes and technology, identify alternatives for risk mitigation, and connect the action plans with the risk governance methodology of the firm.
- Implement available IT Risk control tests automations and ensure that identified risks are properly controlled and mitigated.
- Establish and maintain effective communication channels with relevant stakeholders to facilitate timely identification and resolution of IT and cybersecurity related issues.
- Minimum of 3 years of experience in cybersecurity or IT Risk Management
- Bachelors’ degree in Computer Science, MIS business, or equivalent experience
- In-depth knowledge of IT and cybersecurity risk management concepts, practices and methods
- Understanding of cloud computing models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Familiarity with cloud providers like Amazon Web Services (AWS) and serverless technologies
- Understanding of cybersecurity concepts such as confidentiality, integrity and availability; supply chain risks, cryptography, endpoint and network security, cloud security, mobile security, API security, etc.
- Understanding of DevOps practices and tools used in cloud environments, such as continuous integration/continuous deployment (CI/CD) pipelines and containerization
- Knowledge of risk management frameworks and methodologies to identify, assess and manage IT risks
- An advanced degree (e.g., MS with concentration in information systems) is a plus
- Certificates in information security or IT risk management (CISSP, CEH, OSCP, CISA, CISM, CRISC, ISO27001 and/or other) is a plus
- Advanced knowledge in frameworks such as Mitre or NIST
- Fluency in both English and Spanish.
The position is based in Mexico City, Mexico.
- 17 days of paid vacation per year
- Life Insurance
- NuLanguage - Our language learning program
- NuCare - Our mental health and wellness assistance program
- Extended maternity and paternity leaves
- Chance of earning equity at Nubank
Diversity and Inclusion at Nu
We want to build products and experiences for everyone who wants to take back control over their finances, that’s why we build strong and diverse teams that rise up to the challenge. We are a team of the most creative people in technology, and we hire under equal opportunity, irrespective of gender, ethnicity, religion, sexual orientation or background. We are proud to say that 30% of our team recognize themselves as part of the LGBTQ+ community, and 40% of our team identify as women, in all positions and seniority levels. We are a very process-light organization that values human interactions, and that is a very important part of our culture. At nu, everyone has the opportunity to speak up and participate, grow and share ideas.