Cybersecurity Governance Specialist - #5238985

We are looking for a Cyber Security Governance, Risk and Compliance specialist to join our team!

Since its inception in 2009, AstroPay has grown from a prepaid voucher provider in Brazil to become the online payment solution of choice for a rapidly growing global community of millions of passionate users in Latin America, Asia, Africa and Europe.

We aim to be ‘more than just a wallet’: from payment solutions to digital debit cards and crypto-investing. We’re driven by a strong entrepreneurial spirit with a can-do attitude, which keeps pushing us to innovate and offer new solutions.

Our customers and users expect the best, and our teams are proud to deliver it.

Tasks:

• As a Governance, Risk and Compliance specialist you will lead and coordinate the GRC engagements or projects related to industry standard and frameworks, with a strong focus on PCI compliance.

• You will also lead and perform security assessments (maturity, compliance, risks, etc.), identify and manage cyber security risks, monitor compliance with policies, as well as draft security policies and procedures aligned with the company’s regulatory and operational requirements.

• Collaborate with the Cybersecurity team on other related activities as well as building knowledge capital through research and leveraging industry best practices.

Requirements:

Required skills:

• Good verbal and written communication are a must, especially in producing formal documents which are comprehensive and without ambiguities.

• Team player with a positive, results-oriented attitude.

• Ability to work in a fluid environment with changing deadlines.

• Attention to detail and ability to follow through on action items.

• Strong organizational and proactive planning skills.

• At least 5 years of verifiable senior experience in cybersecurity, particularly applying risk management methodologies, such as those in ISO 27001, and sector-specific requirements, such as PCI-DSS.

• Strong experience in technology controls review, risk assessment, policy review and control review type of engagements with clients of different nature and industry

Knowledge in:

• security management systems and organizational security controls, including standards, best practices, and approaches to risk assessment and mitigation (such as NIST, PCI DSS, ISO 27001, ISO 27002, etc.)

• International and national statutory and regulatory requirements, and compliance obligations (GDPR, EU NIS Directive, EU CyberSecurity Act, etc.)

• Information security certifications, such as CISA/CISM/CRISC/CISSP are a plus.

• Project management experience is highly preferred.

Benefits:

• 100% remote work.

• Diverse and multicultural work environment.

• Extensive opportunities for growth and professional development.

• Constant training & development.

• English Lessons