Criamos oportunidades para a beleza transformar a vida das pessoas, e assim transformar o mundo ao nosso redor.
Risk Specialist I – Information Security
Location
Brazil
Posted
3 days ago
Salary
0
Seniority
Senior
Job Description
Risk Specialist I – Information Security
Grupo Boticário
• **Strategic Risk Partnership:** Map, identify, and model cyber and digital-origin corporate risk scenarios (such as data leaks, digital extortion, cyberattacks, and downtime) across the company's ecosystem, translating technical data into clear business-impact insights. • **Audit Orchestration:** Serve as the primary focal point and facilitator for internal and external audits. You will be the link between auditors and technology teams, constructively challenging findings, ensuring clarity of control objectives and validating that technical responses are robust. • **Maturity Advancement (NIST & CIS):** Conduct periodic assessments and manage the roadmap for Information Security maturity using the CIS Controls and NIST CSF frameworks to evaluate and raise the effectiveness of our technical controls. • **Action Plan Assurance (Remediation):** Support and guide technical teams in building effective action plans (APs), ensuring that proposed fixes address root causes and truly mitigate the issues identified in audits. • **PCI DSS Support:** Support the management, design, and effectiveness testing of controls related to PCI DSS certification, ensuring continuous compliance and the security of our transactional operations. • **Technological Resilience:** Actively collaborate in mapping discontinuity scenarios for critical environments, supporting decision-making that ensures business resilience and continuity based on technological criticality. • **Metrics and Awareness:** Operate GRC tools, review metrics, and create intelligent KRIs (Key Risk Indicators) to monitor the materialization of risks. In addition, you will support the dissemination of a risk and security culture across the company.
Job Requirements
- Experience in Risk Management and GRC:** Solid experience in Information Security risk management, Technology, Technical Controls, or IT audit.
- Proficiency with Industry Frameworks:** Practical knowledge and application of global frameworks, mandatorily NIST CSF and CIS Controls. Familiarity with ISO standards (31000, 27001, 22301) and COBIT is a plus.
- Audit and Controls Background:** Experience supporting Technology audits, as well as designing, implementing, and testing the effectiveness of mitigating and compensating controls.
- Regulatory Knowledge of PCI:** Familiarity with the requirements, architecture, and sustaining processes for PCI DSS certification.
- Threat Modeling and Metrics:** Strategic capability to conduct structured risk analyses (qualitative and quantitative) and develop customized modeling by line of business. Technical ability to translate risk exposure into actionable GRC indicators (KPIs and KRIs) to support decision-making.
- Artificial Intelligence:** Knowledge of Artificial Intelligence and the ability to use AI tools to optimize and improve process efficiency is a plus.
- Communication and Diplomacy (Soft Skills):** Excellent corporate communication skills, with the ability to translate complex technical terms into business impacts for different audiences. A consultative, resilient profile with strong influence to negotiate timelines and solutions with Information Security and Technology teams.
- Business Perspective:** Mindset focused on understanding the company's value chain, viewing security as a driver of trust and business growth.
- Builder and Autonomous Profile:** Entrepreneurial mindset (ownership) to independently manage highly complex projects, driving high‑value results and developing scalable, efficient operations.
Benefits
- Here, your **Health** is a priority
- . Medical and dental plan
- . Medication assistance
- . Health allowance for family members
- . Free psychotherapy sessions
- . Telemedicine and second medical opinion
- . Free flu vaccination
- . Health care programs
- To take care of your **Nutrition**
- . Meal voucher or local restaurant card (depending on work model)
- . Food allowance
- . Holiday food allowance
- Ensuring Well-being and Quality of Life in all aspects of life**
- . Gym and fitness studio plan
- . Home office allowance (hybrid and remote work models)
- . Pet health plan
- . Birthday day off
- . Up to 40% discount on our products
- . Employee membership (agreements and partnerships, multi‑brand store, Total Pass gyms, courses and much more!)
- . Travel and accommodation program
- For the **Family**, our most precious asset
- . Childcare assistance
- . Child nutrition credit
- . Babysitter allowance
- . School supplies allowance
- . Legal, psychological and social counseling
- . Support for atypical parents
- . Extended parental leave (180 days for mothers and 120 days for fathers)
- Mobility **for your on-site journey
- . Commuter benefit and parking (hybrid and on-site models)
- Financial Security **for protection and peace of mind
- . Life insurance
- . Support in the event of parents' passing
- . Private pension plan
- . Payroll-deductible loans
Related Guides
Related Categories
Related Job Pages
More Security Engineer Jobs
Director, Business Development – National Security Space (Clearance Required)
Sierra SpaceGiving humanity a platform in Space to benefit life on Earth.
• Build out enterprise-level business development strategy; identify and implement the steps needed to execute on the strategy across multiple business areas, market segments, and global regions. • Be responsible for one or more components of a division, program, or function at a group level or a key enterprise focus area within business development, including strategic accounts, market segments, or capability portfolios. • Establish strategic and tactical business development plans for functions/areas owned based on corporate strategy, market analysis, and competitive intelligence. • Make strategic decisions about pursuit strategies, resource allocation, and market positioning that are critical to business development performance with likely short-term and long-term impact. • Provide direction and lead activities through subordinate managers who have overall responsibility for the successful operation of assigned business development areas and major client relationships. • Be accountable for meeting financial plans, goals, and schedules for business development activities with a consistent focus on value creation, win rates, and return on business development investment. • Embody company culture and great leadership; serve as a catalyst for transformational change in business development approaches, systems, and organizational capabilities. • Drive enterprise-level business development initiatives that align with corporate strategic objectives and position the organization for sustainable competitive advantage. • Establish and oversee strategic partnerships and alliances that create significant business opportunities and market access across multiple segments. • Direct the development of innovative business models and approaches to capture new markets or expand existing ones, including adjacent market strategies and capability development. • Lead cross-functional teams to identify and pursue major business opportunities that require enterprise-wide coordination and executive sponsorship. • Interact with internal and external executive-level management on strategic matters related to business growth, market positioning, and competitive strategy. • Mentor and develop senior business development leaders to ensure organizational capability and succession planning for critical business development roles. • Uphold and model company values; hold others accountable to values in all business development activities, strategic decisions, and client interactions.
Offensive Security Researcher - Wireless Security
AppleWell-known for creating the Mac, iPhone, iPad, and Apple Watch, as well as its App Store, Apple Music, Apple Pay, and iTunes services, Apple's goal is to leave the world better tha
Role Description Apple's Security Engineering & Architecture organization is responsible for the security of all Apple products. Protecting our users is at the heart of everything we build, and our team takes an offensive approach to that mission by uncovering and fixing vulnerabilities impacting one of the world's most sophisticated ecosystems before adversaries can ever exploit them, all at the scale of more than one billion devices. In this role, your primary focus will be on the wireless attack surface of Apple platforms. You will conduct offensive security research across: - Cellular/baseband - Wi-Fi - Bluetooth stacks - Other wireless protocols such as Thread, NFC, and UWB These radios are reachable over the air and represent some of the most impactful proximity- and remote-triggerable attack surfaces on our devices. You will work in cross-functional teams alongside other researchers and engineering teams to identify and help eliminate vulnerabilities before they can be exploited. Knowledge of Apple operating systems such as iOS or macOS is a plus, but not required. This job is for individuals with outstanding technical skills, grit, and a genuine passion for breaking systems — so we can build them stronger. If this is you, we'd love to hear from you. In-office roles in Paris, Cupertino, and other locations. Remote considered for experienced candidates. Qualifications - Proven experience in vulnerability research targeting wireless technologies such as cellular/baseband, Wi-Fi, or Bluetooth - Strong understanding of vulnerability classes and exploitation techniques relevant to wireless protocol stacks and radio firmware, such as: - Memory corruption - Parsing and state-machine flaws - Cryptographic and authentication weaknesses - Protocol downgrade or logic attacks - Ability to apply AI techniques and tools, such as LLMs or Machine Learning, for security research activities Requirements - Deep knowledge of cellular technologies and 3GPP standards (2G/3G/4G/5G), baseband processors, and modem firmware internals - Experience analyzing protocol stacks, including their firmware, host-controller interfaces, and over-the-air protocol behaviour of wireless technologies like Wi-Fi (802.11) and Bluetooth/BLE or other short-range protocols like Thread, NFC, or UWB - Familiarity with binary reverse-engineering using tools like IDA and Ghidra, as well as the practical RF and over-the-air toolset, such as software-defined radio (SDR) and other equipment for capturing and injecting wireless signals
AI Cybersecurity Engineer – Offensive Security, Threat Modeling
Xenon SevenHuman Experts Implementing Artificial Intelligence #AI #ArtificialIntelligence #HumanIntelligence
• Predictive AI Threat Modeling: Lead advanced threat-modeling exercises across the bank’s localized AI/ML pipelines, data repositories, and training environments. Anticipate sophisticated attacker behaviors to design preemptive security guardrails before models are moved to production. • AI Red Teaming & Offensive Simulations: Conduct targeted offensive operations and ethical hacking against our on-premises AI infrastructure. Simulate real-world adversarial attacks, including data poisoning, model inversion, membership inference, evasion attacks, and prompt injection. • Framework Mapping with MITRE ATLAS: Implement and operationalize the MITRE ATLAS (Adversarial Threat Landscape for Artificial-Intelligence Systems) framework. Map identified vulnerabilities to ATLAS tactics and techniques to build a robust, AI-specific defensive matrix aligned with traditional MITRE ATT&CK. • On-Premises Infrastructure Hardening: Assess and secure the physical and virtual infrastructure hosting our AI workloads, including bare-metal GPU clusters, local containerized environments (Kubernetes/OpenShift), and private data registries, ensuring strict isolation from external threats. • Proactive Risk Management & Early Detection: Collaborate with the SOC and data engineering teams to build predictive detection use-cases and custom alerts. Identify the early warning signs of an AI-targeted attack or data exfiltration attempt before malicious actors can compromise model integrity.
AI Cybersecurity Architect – Governance, Control Frameworks
Xenon SevenHuman Experts Implementing Artificial Intelligence #AI #ArtificialIntelligence #HumanIntelligence
• Establish AI Security Governance Frameworks: Author, implement, and maintain the bank's enterprise-wide AI Security Policy. Align our internal AI governance with international standards (such as NIST AI RMF, ISO/IEC 42001, and OWASP Top 10 for LLMs) while strictly ensuring compliance with evolving Central Bank of Egypt (CBE) regulations and the Egyptian Data Protection Law. • Design & Build Cybersecurity Controls: Architect, enforce, and validate technical and administrative security controls tailored for the entire AI/ML lifecycle (Data Ingestion, Training, Deployment, and Inference). This includes building robust controls against data poisoning, model inversion, prompt injection, and unauthorized data exfiltration. • Secure MLOps Architecture: Define the reference architectures and secure guardrails for our Machine Learning Operations (MLOps) pipelines. Ensure that security checks, vulnerability scanning, and model integrity verifications are seamlessly integrated into our continuous deployment workflows. • Advanced AI Threat Modeling & Risk Assessment: Lead comprehensive risk assessments and threat-modeling exercises on all proprietary and third-party AI implementations. Identify structural risks in algorithmic logic, training data pipelines, and API integrations, translating technical risks into clear business governance metrics. • Third-Party & Vendor AI Governance: Develop and execute rigorous cybersecurity assessment frameworks for evaluating third-party AI tools, cloud-hosted models, and external vendors, ensuring they meet the bank’s strict data privacy and control standards.



