• Define, establish and implement organizational information security processes, to ensure business, regulatory, legislative and contractual requirements and obligations are met. • Manage the internal and external ISMS audit processes, monitor effectiveness of controls and corrective actions in cooperation with the stakeholders across the organization. • Manage gap analysis, compliance readiness, and compliance monitoring activities for ISO/IEC 27001, PCI DSS and other regulatory security audits. • Coordinate external security audits, assessments and testing as well as remediation plans development and implementation. • Identify, assess and monitor information security risks and recommend mitigation measures. • Develop content, coordinate and facilitate a comprehensive organizational information security awareness training program. • Manage security requirements with third parties, including due diligence of products and services providers and information security requirements clauses in service provision agreements and contracts. • Develop, coordinate and maintain information security policies, procedures and other security related documents. • Analyse, map and communicate information security requirements, that derive from legislative and regulatory obligations in various jurisdictions. • Serve as project manager/lead within security projects. • Continually improve and update knowledge to accommodate changes to the company’s regulatory environment and needs.

• Secure SaaS, Endpoints, and the Extended Workforce. • Evaluate, configure, and harden SaaS applications (Google Workspace, Microsoft 365, Slack, HRIS, ticketing) to align with enterprise security policies. • Collaborate with Endpoint/IT teams to define and enforce baseline configurations for laptops, workstations, and other managed devices via MDM and EDR. • Develop and implement strategies and tooling for Data Loss Prevention (DLP) and the mitigation of insider risks within the organization. • Partner with Information Technology to implement, configure, and monitor highly secure workforce identity solutions (e.g., Okta/Entra and other IdPs). • Define and maintain RBAC/ABAC patterns for enterprise applications, focusing on role models, entitlements, and separation of duties. • Design and deploy controls that combine user identity, device posture, network context, and application sensitivity to aggressively enforce least-privilege access. • Author clear documentation and runbooks that make it easy for teams to consume and operate the controls you build.

• Responsible for preventing accidents, occupational illnesses and environmental risks • Ensure company activities are carried out in compliance with health, safety and environmental regulations • Prepare spreadsheets with accident statistics • Define and supervise the use of personal and collective protective equipment • Inspect and prepare spreadsheets documenting QSSMA (Quality, Safety, Health and Environment) irregularities • Enter and maintain up-to-date information in the system database • Control the maintenance of firefighting equipment • Prepare the PPRA document - Programa de Prevenção de Riscos Ambientais (Environmental Risk Prevention Program)

• Lead Users and Organizations (U&O) product platform capabilities • Define and drive the vision, strategy, and roadmap for user and organizational management • Manage access (authorization and authentication) management, and customer-facing security and identity capabilities • Lead product development across user lifecycle management, modern authentication and authorization models (including SSO, MFA, RBAC/ABAC) • Drive scalable organization management capabilities such as multi‑tenant architecture, org hierarchies, billing structures, and cross‑organization governance • Collaborate with Security to translate security and compliance requirements into intuitive platform features • Ensure security requirements, policies, and controls are translated into scalable, usable, and auditable platform capabilities for customers