Info on the GRC Senior Analyst
Want to get to the next step in your international career? We can support you!
Ubiminds is a GPTW certified, people-first company that partners with American software product companies to scale their development footprint. Ubi custom-curates Brazilian top 5% talent for their LATAM strategy, offering a unique combo of staff augmentation and employer-of-record services.
Ubiminds is assisting a global rating agency established to restore trust in credit ratings and offer accurate and transparent ratings.
Challenge
We are looking for a passionate InfoSec professional to join the client's Information Security Governance, Risk and Compliance (GRC) team. This position will report to the client's Manager of Information Security Compliance under the Chief Information Security Officer.
What you'll do
- Oversee the management of the client compliance and continuous monitoring program, including for public sector/federal clients.
- Lead audits for SOC 2 Type 2, ISO 27001, ISO 27701, Internal Audits, and assist in FedRAMP audits when needed with support from the ISSO.
- Assist the ISSO in management of the client FedRAMP program, including review and updates to policies and procedures.
- Document risks and deviations arising from insufficient policy or control implementation, and coordinate remediation with external teams
- Lead the client Third-Party and supply chain management program
- Lead third-party assessments of the client platforms for client audits
- Lead and coordinate completion of client assessments, questionnaires, deliverables, and communications
- Assist in documentation of the client controls implemented to maintain its compliance program across products and information systems
- Provide support to other departments, acting as a Subject Matter Expert regarding compliance, privacy, and standards.
In order to succeed in this position, you will need:
Mandatory skills
- Experience as the lead for SOC 2 Type 2 and ISO 27001 audits.
- Experience dedicated to Information Security and Compliance
- Proactively manages and prioritizes team tasks to optimize individual strengths and collective productivity.
- Comfortable speaking directly with customers’ security teams and/or leadership, in a way that appropriately represents the company and security capabilities.
- Experience with cloud and/or SaaS security best practices
- Knowledge of and experience with information security concepts: encryption, application security, identity management, log management, disaster recovery, etc.
- Experience with Windows, Mac OS X, and familiarity with Linux.
- Ability to balance multiple complex tasks and quickly prioritize
Nice to have
- Relevant certifications such as CISSP or CISA, or the desire to obtain them, are a plus
About Ubiminds
Our Culture
People First. We are all about people!
Challenge yourself. There’s always room for improvement and continuous improvement is in our essence.
Make it happen. Be ready to take challenges as they come. It’s all about attitude and commitment.
We’re in this together. We work as a team, thrive as a team, and evolve as a team.
Averaging on awesome. We work hard to deliver high-quality services and look forward to exceeding expectations.
Keep it real. We promise you honesty, transparency, and openness, regardless of the situation.
Perks and Benefits
As a GRC Senior Analyst@Ubiminds, you:
- Are placed in a product-based company, with the same treatment as their full-time employees.
- Have our full back-office support, from career guidance to HR and concierge services.
- Enjoy our remote-first policy – we are a distributed team, after all.
- Get your own MacBook (none of that "bring your own device" stuff here).
- Have access to growth opportunities with other amazing technology professionals, through tech talks, chapter meetings, and even remote happy hours for tons of fun!
- Improve your English through free lessons with a native English speaker - get to the next level on your communication skills!
- Miss working in the office? Our cool Florianópolis headquarters is available, whenever you want, with weekly quick massages & tasty snacks, soft drinks, and games
How our process works
1. Interview with Tech Recruiter (chat about the job opening and your experiences)
2. Client process (this may vary)
3. Offer (yay)