O poder da nuvem é ilimitado. See ahead. Go ahead.
Analista de Governança – Segurança da Informação SR
Location
Brazil
Posted
9 hours ago
Salary
0
Seniority
Senior
Job Description
Analista de Governança – Segurança da Informação SR
SGA TI em Nuvem
• Conduzir avaliações (*assessments*) de maturidade em cibersegurança e mapeamento de lacunas (*gaps*) utilizando os principais frameworks de mercado. • Traduzir métricas e riscos puramente técnicos para uma linguagem corporativa e executiva acessível, apoiando diretamente a tomada de decisão da alta liderança. • Avaliar a conformidade e a eficácia prática de controles técnicos de segurança em ambientes *Cloud* e *On-premise*, atuando de forma profunda e baseada em evidências (fugindo de questionários superficiais). • Apoiar o ciclo completo de gestão de riscos, elaborando recomendações robustas de tratamento e estruturando fluxos formais de aprovação (incluindo a formalização de aceites de risco com condições e comentários técnicos). • Elaborar, revisar e atualizar políticas, normas e procedimentos de segurança da informação, garantindo que sejam de fato aplicáveis e conectados à realidade das áreas de negócio. • Desenvolver, monitorar e reportar indicadores de desempenho (KPIs) e de risco (KRIs) que demonstrem a evolução real e madura da segurança na companhia. • Apoiar no desenvolvimento de materiais, conteúdos pedagógicos e condução de treinamentos internos para a conscientização de colaboradores nos temas de Segurança da Informação.
Job Requirements
- Experiência prática, robusta e comprovada em Governança de TI, Gestão de Riscos, Compliance ou Cibersegurança em níveis seniores.
- Domínio prático e aprofundado da família de normas **ISO/IEC 27000** (com foco mandatório em **27001, 27002, 27005 e 27701**).
- Conhecimento sólido no framework **NIST CSF** para a estruturação de perfis e jornadas de maturidade.
- Capacidade analítica apurada para realizar auditorias e gestão de riscos em fornecedores (*Vendor Risk Assessment*) baseando-se estritamente em controles e evidências técnicas, e não apenas em aspectos teóricos.
- Excelente comunicação (oral e escrita), com habilidade comprovada para adaptar discursos altamente técnicos para públicos não técnicos e comitês executivos.
- Visão crítica e de processos para propor melhorias que unam de forma equilibrada segurança, conformidade e produtividade para as áreas de negócio.
Related Guides
Related Categories
Related Job Pages
More Security Analyst Jobs
Cybersecurity Analyst
CyberMaxxCyberMaxx prevents, detects, and responds to cyberattacks so organizations can have peace of mind.
• Formalize and deliver security product tuning requests to improve detection capabilities and overall efficiency • Develop and maintain incident response use incidents, knowledge base articles, and other relevant documentation • Coordinate basic forensics activities as needed • Conduct after action reviews on high impact and otherwise noteworthy incidents to identify process and human capital improvements • Aid in onboarding and mentoring new team members • Drive and Implement continuous improvement, open communication, and sharing of knowledge • Assist with creation, review, and upkeep of internal documentation • Facilitate reasonable out-of-hours communications such as company email and occasional SOC operations related phone calls to resolve escalated issues • Actively influence team collaboration, cross-training, and documentation • Act as a primary subject matter expert for one or more security products • Act as initial escalation point for complicated or sensitive work • Identify and resolve opportunities to automate repetitive tasks • Proactively propose improvements for how to reduce risk and potential future incidents • Maintain high-level of expertise with products in use and the ability to quickly familiarize with related technologies
Information Security Analyst I
SNHU CareersAt SNHU, we do life-changing work — and not just for our students. Find out how your life can change, too.
• Respond and perform analysis on security alerts and incidents. • Support technical investigations of complex or high-severity security threats or incidents. • Coordinate information security incident response with SNHU's Information Security Incident Response Plan. • Support the incident response lifecycle and have the analytical mindset needed when it comes to escalated investigations and investigations into novel security incidents. • Participate in incident containment and eradication activities like endpoint isolation, malware remediation, forensic analysis, malware analysis, community member interviews, and network traffic analysis. • Work cross-functionally across ITS and all SNHU teams to provide support, guidance, and technical implementations where appropriate, to include triage, containment, and remediation when applicable. • Analyze digital evidence to identify indicators of compromise, adversary activity, root cause, incident timelines, and attack vector(s). • Conduct real-time monitoring of security events from multiple sources and use analytical and critical thinking skills to identify, triage, analyze, investigate, and escalate information security events and alerts. • Help perform investigations in complex or high-severity security threats or incidents. • Communicate with partners, in a non-technical manner, at all organizational levels as part of incident response and remediation activities. • Review and help implement standard operational processes for handling common incident types. • Demonstrate a deep source of ethics, integrity, and confidentiality. • Can remain calm and function at the highest level during a crisis.
• Monitor, and investigate security alerts and events across enterprise environments • Perform proactive threat hunting activities to identify malicious behavior and vulnerabilities • Support incident response efforts including assessment, containment, investigation, and remediation • Use Splunk SIEM for log analysis, correlation, detection, and monitoring • Work with EDR technologies including Cisco AMP, CrowdStrike, and Trend Micro, Microsoft Defender • Help with vulnerability management activities and exposure analysis • Coordinate with third-party patch management providers to validate remediation efforts • Investigate suspicious activity, malware infections, phishing attempts, and endpoint threats • Document incidents, findings, and remediation recommendations • Collaborate with IT, infrastructure, and security teams across multiple regions • Help improve detection logic, monitoring processes, and security operational
Threat Intelligence Analyst – Senior
FS-ISACThe only global cyber intelligence sharing community solely focused on financial services.
• Lead complex intelligence investigations involving cyber threat actors, ransomware operations, nation-state activity, vulnerabilities, and emerging threats • Collect, correlate, and analyze intelligence from technical and non-technical sources • Produce tactical, operational, and strategic intelligence assessments for members and stakeholders • Analyze adversary tactics, techniques, and procedures (TTPs) and map findings to frameworks such as MITRE ATT&CK • Assess the impact of cyber incidents, geopolitical developments, technology trends, and systemic risks affecting the financial sector • Author intelligence reports, threat assessments, alerts, white papers, and executive briefings • Present intelligence findings and risk recommendations to executives, members, and external partners • Translate technical intelligence into actionable business and risk-management insights • Lead information-sharing initiatives, intelligence exchanges, and member engagement activities • Build and maintain relationships with financial institutions, government agencies, law enforcement, and industry partners • Represent the organization at conferences, webinars, and industry forums • Leverages AI to enhance analysis, decision-making, productivity, and innovation • Maintains awareness of emerging AI technologies, threats, and risks • Contribute to intelligence strategy, collection priorities, and analytical standards • Identify opportunities to improve intelligence methodologies, workflows, automation, and reporting capabilities • Lead cross-functional projects and support organizational cyber resilience initiatives • Mentor Threat Intelligence Analyst I and II team members and provide analytical coaching and product reviews • Promote best practices in intelligence collection, analysis, reporting, and information sharing




