Senior Security Engineer (Information Security)

Nu is one of the largest digital financial platforms in the world, with more than 122 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.

Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.

Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/  

This position is for a Senior Information Security Engineer (IC5) to join the BSec team within the ITSec organization, a team at the forefront of InfoSec innovation at Nubank.
BSec is Infosec's partner in the Business Units; our vision is to empower Nu's secure foundation, embedding security in business decisions and protecting our long-term goals.

• Assess security gaps within the organization, in different technologies and business contexts, enabling risk treatment and designing action plans as necessary;
• Assess and develop policies and procedures related to information security and risk management, specially for third-party;
• Support compliance with regulatory requirements related to security and privacy providing visibility and technical guidance;
• Collaborate with cross-functional teams to understand the business requirements, and translate them into technical specifications;
• Work closely with the Risk teams to align on mitigation of identified risks;
• Define guidelines and best practices on business security matters that empower Nubankers to perform their work efficiently and securely;
• Work in a multidisciplinary and global team, interacting with teams mainly in Brazil, Mexico, Colombia and the US.

• Proven experience in designing and implementing security controls;
• Familiarity with different domains and concepts of cyber and business security;
• Strong inclination towards data-driven decision-making;
• Experience with TPRM (third-party risk management);
• Analysis of existing business processes and identify potential risks related to information security;
• Experience with risk analysis techniques like risk identification, assessment and prioritization and qualitative and quantitative risk assessment techniques is needed;

• Experience with large-scale distributed environments;
• Good understanding of cybersecurity principles, risk management frameworks (such as NIST Cybersecurity Framework, NIST SP 800-30, ISO 27001, ISO 27002, PCI-DSS, SOC 2 Type II);
• Excellent communication and problem-solving skills are important to effectively assess and communicate risks to internal and external stakeholders;
• Previous work experience in consulting or advisory roles is often preferred.

Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/