Information Security Governance Manager

• Lead and develop a high-performing Information Security team focused on Risk Management and Security Governance;
• Drive the identification, assessment, prioritization, and treatment of information security risks, ensuring clear visibility and effective communication of risk exposure to senior leadership;
• Oversee the implementation, maintenance, and continuous improvement of compliance programs and certifications, including ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27018, and PCI DSS;
• Define and maintain the Information Security governance framework, including policies, standards, procedures, and control oversight;
• Coordinate internal and external audits, security assessments, and the execution of remediation and risk treatment plans;
• Define, monitor, and report security KPIs, KRIs, and program effectiveness metrics, providing actionable insights to business and executive stakeholders;
• Drive the organization's security awareness and culture strategy through training programs, phishing simulations, targeted campaigns, and employee engagement initiatives;
• Partner with cross-functional teams (Legal, Risk, HR, Engineering, Product, and Compliance) to embed security and risk management practices into business processes and strategic initiatives;
• Ensure security requirements are incorporated into new products, services, vendors, and third-party relationships from the earliest stages of engagement;
• Provide regular reporting on security governance, compliance status, risk landscape, and strategic initiatives to leadership and relevant governance forums;
• Foster a culture of accountability, continuous improvement, and security-first decision-making across the organization.

• Proven experience leading teams, with the ability to motivate, coach, and develop people;
• Strong expertise in Information Security Risk Management, including risk identification, assessment, prioritization, treatment, and executive-level reporting;
• Deep knowledge of Information Security Governance and Compliance, including risk management, internal controls, and security frameworks;
• Hands-on experience with global standards and certifications such as ISO/IEC 27001, ISO/IEC 27701, ISO/IEC 27018, and PCI DSS;
• Strong communication skills, with the ability to translate technical risks into business impacts for both technical and executive audiences;
• Proven track record managing audits, assessments, and external regulatory demands;
• Analytical mindset with a business-oriented approach, connecting security decisions, risk exposure, and compliance requirements with strategic goals;
• Experience designing and running awareness programs that go beyond checklists and truly shift culture;
• Passion for innovation and AI-driven efficiency, with a proactive approach to leveraging AI and automation to optimize processes, reduce operational overhead, and enhance operational effectiveness;
• Advanced English — you’ll often interact with international stakeholders.

• Advanced certifications in Information Security, Risk Management, or Governance, such as ISO/IEC 27001 Lead Auditor/Lead Implementer, CRISC, CISM, CISSP, or similar;
• Experience working in global or multicultural environments, with distributed teams and international operations;
• Familiarity with additional governance and risk frameworks such as NIST CSF, COBIT, SOX, or third-party risk management programs;
• Knowledge of cloud security standards (e.g., AWS, GCP, Azure) and secure development practices;
• Hands-on experience with awareness platforms (e.g., KnowBe4, Wombat, MetaCompliance) and phishing simulation tools;
• Experience presenting security and risk topics to executive committees, boards, or senior leadership forums;
• Previous involvement in security incident response, including coordination and post-incident reviews;
• Passion for building a security culture, storytelling, and engaging people in non-technical areas;
• Hands-on experience using Artificial Intelligence (AI) or Machine Learning to automate governance processes, enhance risk analysis, streamline controls management, or improve compliance monitoring.

• WAVES Program: Annual bonuses based on the company’s performance.
  
  
• Meal/Food Allowance: Credit provided on a flexible benefits card.
  
  
• EBANX Education: Financial support for undergraduate, graduate, and MBA programs to support your professional growth.
  
  
• EBANX Skills: Budget dedicated to workshops, courses, and certifications to encourage your continuous development.
  
  
• Language Classes: Spanish, English, and Portuguese lessons for your personal and professional development.
  
  
• EBANX Health: Comprehensive medical and dental plans fully covered for the employee, plus subsidies for dependents to take care of your and your family’s well-being.
  
  
• EBANX Family: Childcare assistance, extended parental leave for caregivers, and support programs for pregnant employees and children.
  
  
• Life Insurance: Fully paid by EBANX.
  
  
• Transportation: Parking assistance or transportation vouchers, depending on your needs.
  
  
• EBANX Flexible: A special day off on your birthday, semi-flexible working hours (8 hours/day, Monday to Friday), and year-end recess between Christmas and New Year’s without affecting your vacation days.
  
  
• EBANX Play: Well-being program including access to Wellhub, e-Sports, and partnerships with SESC.
  
  
• Blue Club: Exclusive discounts at bakeries, restaurants, stores, courses, and more.

Follow us on LinkedIn and check out our Instagram to learn more about the #ebanxlife.