IT Risk Senior Specialist

About Us

Nu is one of the largest digital financial platforms in the world with more than 127 million customers across Brazil Mexico and Colombia. Guided by our mission to fight complexity and empower people we are redefining financial services in Latin America and this is still just the beginning of the purple future were building.

Listed on the New York Stock Exchange (NYSE: NU) we combine proprietary technology data intelligence and an efficient operating model to deliver financial products that are simple accessible and human.

Our impact has been recognized by global rankings such as Time 100 Companies Fast Companys Most Innovative Companies and Forbes Worlds Best Bank. Visit our institutional page the team:
The IT Risk Team is part of the Risk Management Tribe at Nubank responsible for identifying and managing technology and information security risks across information technology systems including microservices and processes. IT Risk Management consists of helping the business identify threats and vulnerabilities to mitigate information technology risks that could materialize and negatively impact data confidentiality integrity and availability.

About the role:

As an IT Risk Senior Specialist (IC6) you will act as a senior individual contributor responsible for shaping and advancing Nubanks technology and cybersecurity risk practices across complex environments including distributed systems microservices and critical business processes.

This role goes beyond execution: you will operate as a strategic partner to engineering security and business stakeholders driving medium-term risk strategies influencing decision-making and establishing standards that strengthen the organizations resilience.

You will lead complex risk initiatives with high ambiguity guide risk prioritization at scale and translate technical and risk concepts into clear executive insights for forums and addition you will mentor peers elevate risk practices across teams and contribute to the growth and maturity of the IT Risk function.

Youll be responsible for

• Lead end-to-end technology and cybersecurity risk assessments for complex initiatives systems or business domains driving risk decisions aligned with organizational priorities and medium-term strategy.
• Drive cross-functional risk initiatives involving multiple teams and stakeholders navigating ambiguity and influencing technical and business decisions through structured analysis and scenario evaluation.
• Define evolve and promote risk management standards frameworks and governance practices to ensure scalable and consistent application across technology environments.
• Prepare and present relevant technology and cybersecurity risk topics assessments and recommendations in executive forums and risk committees enabling informed decision-making and organizational alignment.
• Design and mature risk monitoring capabilities including key risk indicators (KRIs) metrics and insights that improve proactive risk visibility and operational resilience.
• Provide technical leadership and mentorship within the IT Risk function supporting peer development hiring processes and the continuous evolution of risk practices and methodologies.

We are looking for a person who has

• 8 years of experience in technology and cybersecurity with a strong focus on risk assessment analysis and mitigation within complex and large-scale environments.
• Deep knowledge of modern technology environments including information security identity and access management cloud-native architectures (e.g. AWS and GCP) container and serverless security (e.g. EKS GKE Lambda) and distributed systems communication (e.g. Kafka or similar messaging platforms).
• Proven ability to translate complex technical topics into clear business and executive-level language adapting communication to diverse audiences and decision-making contexts.
• Demonstrated experience operating in ambiguous environments influencing cross-functional stakeholders and supporting risk-based decision-making at senior levels.
• Advanced English communication skills (written and verbal).
• Bachelors degree in Information Security Computer Science Engineering or a related field. Masters degree or relevant certifications (e.g. CISA CISSP CISM CRISC or equivalent) are considered a plus.
• Strong understanding of information security principles risk management frameworks and regulatory requirements (e.g. NIST LGPD ISO 27001).
  
  

Location for this opportunity (City Country)

• São Paulo Brazil

Our Benefits

• Chance of earning equity at Nubank
• Food/ Meal Card (Vale-Refeição and/or Vale Alimentação)
• Public Transportation Commuting Benefit (Vale-Transporte)
• NuCare Psychological Financial and Legal Assistance Program
• Life Insurance
• Medical Plan
• Dental Plan
• NuLanguage Language Course Program
• Nucleo - Our learning platform of courses
• Extended Parental Leave
• Daycare Allowance
• Parental Consultancy
• Work-from-home Allowance
• Gym Partnerships
• 30 days of paid vacation
• Relocation Assistance Package if applicable

Work Model for this Role

• Option 1: Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week on strategic days designed to maximize team connection and collaboration. For more details visit how we build technology at Nubank:

  Listen to our stories on Spotify