We are looking for a Full-remote Governance, Risk & Compliance (GRC) Consultant, to integrate directly the team of our client – a reference company in the computer & network security sector.
What will be your main tasks and responsibilities?
* Assess clients' cybersecurity governance, risk, and compliance posture, being able to identify gaps and provide actionable recommendations;
* Conduct risk assessments, identifying vulnerabilities, and recommending mitigation strategies, assisting clients in internal and external audits by ensuring robust documentation and explanations;
* Help clients develop and update information security policies and procedures, preparing reports and presentations outlining findings, recommendations, and compliance status;
* Plan and lead national and international cybersecurity projects, managing risks, and ensuring operational control, having a collaborative mindset to work with different teams.
What is required from you?
* Academic background in Computer Engineering, Science or similar areas;
* Minimum 03 years of experience in GRC;
* Solid understanding and practical experience with at least one major information security framework (e.g., ISO 27001, NIST CSF, COBIT);
* Strong analytical and problem-solving skills with the ability to interpret complex technical and regulatory requirements;
* Relevant certifications such as CRISC, CISM, CISA, ISO 27001 Implementer/Auditor, CISPP, ISO9001, GDPR or similar, will be a plus;
* Fluency both in Portuguese and English.
Sounds like you? Send us your CV and let's talk