IT Risk Analyst

About Us

Nu is one of the largest digital financial platforms in the world with more than 127 million customers across Brazil Mexico and Colombia. Guided by our mission to fight complexity and empower people we are redefining financial services in Latin America and this is still just the beginning of the purple future were building.

Listed on the New York Stock Exchange (NYSE: NU) we combine proprietary technology data intelligence and an efficient operating model to deliver financial products that are simple accessible and human.

Our impact has been recognized by global rankings such as Time 100 Companies Fast Companys Most Innovative Companies and Forbes Worlds Best Bank. Visit our institutional page the team:
The IT Risk Team is part of the Risk Management Tribe at Nubank responsible for identifying and managing technology and information security risks across information technology systems including microservices and processes. IT Risk Management consists of helping the business identify threats and vulnerabilities to mitigate information technology risks that could materialize and negatively impact data confidentiality integrity and availability.

About the role:
As an IT Risk Analyst you will be part of Nubanks Second Line of Defense playing a critical role in identifying assessing and governing technology and cybersecurity risks across complex cloud-based and data-driven environments.

You will work closely with the Engineering Security Product and Business teams to evaluate risks related to platforms products and processes ensuring they are properly understood documented and addressed through established risk governance processes. The role involves conducting risk assessments and thematic reviews monitoring key risk indicators supporting governance forums and responding to risk-related inquiries from stakeholders.

A key aspect of this position is contributing to the evolution of IT Risk through the use of automation data analytics and AI-enabled tools improving efficiency scalability and risk visibility. You will help strengthen risk processes metrics and methodologies translating technical risk topics into clear insights for both technical and executive audiences.

Youll be responsible for

• Conduct IT and cybersecurity risk assessments across multiple technology domains with limited supervision identifying vulnerabilities threats and potential impacts. Translate technical findings into clear risk insights that can be effectively communicated to stakeholders at various seniority levels.
• Assess and challenge technology and cybersecurity risks associated with products features and platforms ensuring that risks are identified documented and managed in accordance with established risk frameworks and governance forums.
• Monitor maintain and analyze Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs) ensuring alignment with defined thresholds and risk appetite. Prepare dashboards reports and updates for both technical and non-technical audiences.
• Respond to risk-related inquiries through designated Risk Channels (e.g. Ask Risk NP&F) providing timely structured and high-quality risk guidance.
• Leverage automation and AI-enabled tools to improve efficiency consistency and scalability of risk activities including risk identification reporting control assessment and monitoring.
• Collaborate closely with cross-functional teams (Engineering Security Product Compliance) to support risk discussions workshops and thematic reviews.
  
  

We are looking for a person who has

• Experience in risk management with a focus on Information Technology and/or Cybersecurity.
• Bachelors degree in Information Security Computer Science Engineering or a related field.
• Solid understanding of technology environments including information security fundamentals identity and access management cloud-native environments (e.g. AWS GCP) and modern application architectures.
• Strong analytical and problem-solving skills with the ability to translate technical topics into clear business and risk-oriented insights.
• Experience in automation and AI-driven tools (e.g. data analysis platforms workflow automation dashboards or control testing automation) applied to risk security or operational contexts.
• Comfort working with data metrics and dashboards to support risk analysis and decision-making.
• Intermediate English proficiency (written and verbal) capable of participating in meetings and producing written risk materials.

Location for this opportunity (City Country)

• São Paulo Brazil

Our Benefits

• Chance of earning equity at Nubank
• Food/ Meal Card (Vale-Refeição and/or Vale Alimentação)
• Public Transportation Commuting Benefit (Vale-Transporte)
• NuCare Psychological Financial and Legal Assistance Program
• Life Insurance
• Medical Plan
• Dental Plan
• NuLanguage Language Course Program
• Nucleo - Our learning platform of courses
• Extended Parental Leave
• Daycare Allowance
• Parental Consultancy
• Work-from-home Allowance
• Gym Partnerships
• 30 days of paid vacation
• Relocation Assistance Package if applicable

Work Model for this Role

• Option 1: Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week on strategic days designed to maximize team connection and collaboration. For more details visit how we build technology at Nubank:

  Listen to our stories on Spotify