Senior Cyber & IT Risk

Mexico City - Mexico

Monthly Salary: Not Disclosed

Posted on: 2 days ago

Vacancies: 1 Vacancy

Job Summary

About Us

Nu is one of the largest digital financial platforms in the world with more than 127 million customers across Brazil Mexico and Colombia. Guided by our mission to fight complexity and empower people we are redefining financial services in Latin America and this is still just the beginning of the purple future were building.

Listed on the New York Stock Exchange (NYSE: NU) we combine proprietary technology data intelligence and an efficient operating model to deliver financial products that are simple accessible and impact has been recognized by global rankings such as Time 100 Companies Fast Companys Most Innovative Companies and Forbes Worlds Best Bank. Visit our institutional page the role

Strategic and regulatory centered on the design and strengthening of the Technology Riskframework and on overseeing its implementation through the Technology Risk area and the business areasensuring comprehensive forward-looking management aligned with regulation and the companys strategy.

Supports the oversight and development of the Technology Risk function definingframeworks metrics and guidelines and supervising the proper management of risks arising from systemsdata infrastructure and technology third parties. Acts as the main point of contact with governing bodies andregulators on IT Risk matters coordinates the response to major incidents and technology crises and helpsexecute tests assessments and monitoring of the technology environment.

Youll be responsible for

Define update and oversee the Technology Risk framework including policies standards methodologies and assessment and reporting criteria.
Establish update and monitor technology risk metrics (KRIs RAS) consolidating the view of exposure and trends for governing bodies.
Lead the preparation of regulatory reports and presentations to committees and governing bodies on Technology and Cybersecurity Risk.
Prepare responses and coordinate attention to regulatory and audit requests related to Technology Risk interacting directly with those authorities when appropriate.
Oversee the management of high-materiality technology and cybersecurity incidents including proper classification root-cause analysis and definition of corrective actions.
Oversee the execution of institutional crisis protocols associated with technology and cybersecurity incidents facilitating pre-crisis reports internal communications and coordination with key areas.
Support the first line in defining and updating disaster recovery plans (DRP) and in their testing playing a second-line review and challenge role on the adequacy of technology controls and recovery capabilities.
Participate in the execution of the BIA reviewing and challenging the technology dependencies identified by the first line ensuring they adequately reflect criticality and exposure to Technology Risk.
Collaborate with senior colleagues and technical areas to determine the root cause of material technology gaps and agree on remediation plans and control-strengthening actions.
Provide guidance and challenge technology risk assessments for new products features and architectures ensuring consistency and completeness.
Design and maintain IT Third-Party Risk frameworks aligned with institutional standards and regulatory requirements.
Oversee the quality and consistency of IT and cybersecurity control testing technology RCSAs and incident monitoring.
Act as a key advisor to the leadership of Risk Engineering Security Data and other areas fostering a strong culture of Technology Risk management.
Stay up to date on regulation technology trends emerging threats and industry best practicesincorporating these learnings into the evolution of the Technology Risk framework.

We are looking for a person who has

Minimum of 5 years of experience in cybersecurity or IT Risk Management.
Bachelors degree in Engineering Computer Science Information Technology a Risk Management related field or equivalent experience.
In-depth knowledge of IT and cybersecurity risk management concepts practices and methods.
Understanding of cloud computing models such as Infrastructure as a Service (IaaS) Platform as a Service (PaaS) and Software as a Service (SaaS). Familiarity with cloud providers like Amazon Web Services (AWS) and serverless technologies.
Understanding of cybersecurity concepts such as confidentiality integrity and availability supply chain risks cryptography endpoint and network security cloud security mobile security API security etc.
Understanding of DevOps practices and tools used in cloud environments such as continuous integration/continuous deployment (CI/CD) pipelines and containerization.
Knowledge of risk management frameworks and methodologies to identify assess and manage risks.
Proven experience in risk management within the fintech sector is a plus.
An advanced degree (e.g. MS with concentration in information systems) is a plus.
Certificates in information security or IT risk management (CISSP CEH OSCP CISA CISM CRISC ISO27001 and/or other) is a plus.
Proficiency in using risk management software tools and agile methodologies is highly preferred.
An ability to navigate and thrive in a technology-driven environment with a strategic mindset towards leveraging technology in risk management to transform our day-to-day.
Fluent in English and Spanish with exceptional communication skills to articulate complex risk scenarios and strategies effectively.

Location for this opportunity (City Country)

Mexico City Mexico

Our Benefits

Chance of earning equity at Nubank
Food/ Meal Card (Vale-Refeição and/or Vale Alimentação)
Public Transportation Commuting Benefit (Vale-Transporte)
NuCare Psychological Financial and Legal Assistance Program
Life Insurance
Medical Plan
Dental Plan
NuLanguage Language Course Program
Nucleo - Our learning platform of courses
Extended Parental Leave
Daycare Allowance
Parental Consultancy
Work-from-home Allowance
Gym Partnerships
30 days of paid vacation
Relocation Assistance Package if applicable

Work Model for this Role

Our hybrid work model brings us to the office at least twice a week on strategic days designed to maximize team connection and collaboration. For more details visit how we build technology at Nubank:

Listen to our stories on Spotify

Required Experience:

Senior IC

About UsNu is one of the largest digital financial platforms in the world with more than 127 million customers across Brazil Mexico and Colombia. Guided by our mission to fight complexity and empower people we are redefining financial services in Latin America and this is still just the beginning of...

About Us

Youll be responsible for

Define update and oversee the Technology Risk framework including policies standards methodologies and assessment and reporting criteria.
Establish update and monitor technology risk metrics (KRIs RAS) consolidating the view of exposure and trends for governing bodies.
Lead the preparation of regulatory reports and presentations to committees and governing bodies on Technology and Cybersecurity Risk.
Prepare responses and coordinate attention to regulatory and audit requests related to Technology Risk interacting directly with those authorities when appropriate.
Oversee the management of high-materiality technology and cybersecurity incidents including proper classification root-cause analysis and definition of corrective actions.
Oversee the execution of institutional crisis protocols associated with technology and cybersecurity incidents facilitating pre-crisis reports internal communications and coordination with key areas.
Support the first line in defining and updating disaster recovery plans (DRP) and in their testing playing a second-line review and challenge role on the adequacy of technology controls and recovery capabilities.
Participate in the execution of the BIA reviewing and challenging the technology dependencies identified by the first line ensuring they adequately reflect criticality and exposure to Technology Risk.
Collaborate with senior colleagues and technical areas to determine the root cause of material technology gaps and agree on remediation plans and control-strengthening actions.
Provide guidance and challenge technology risk assessments for new products features and architectures ensuring consistency and completeness.
Design and maintain IT Third-Party Risk frameworks aligned with institutional standards and regulatory requirements.
Oversee the quality and consistency of IT and cybersecurity control testing technology RCSAs and incident monitoring.
Act as a key advisor to the leadership of Risk Engineering Security Data and other areas fostering a strong culture of Technology Risk management.
Stay up to date on regulation technology trends emerging threats and industry best practicesincorporating these learnings into the evolution of the Technology Risk framework.

We are looking for a person who has

Minimum of 5 years of experience in cybersecurity or IT Risk Management.
Bachelors degree in Engineering Computer Science Information Technology a Risk Management related field or equivalent experience.
In-depth knowledge of IT and cybersecurity risk management concepts practices and methods.
Understanding of cloud computing models such as Infrastructure as a Service (IaaS) Platform as a Service (PaaS) and Software as a Service (SaaS). Familiarity with cloud providers like Amazon Web Services (AWS) and serverless technologies.
Understanding of cybersecurity concepts such as confidentiality integrity and availability supply chain risks cryptography endpoint and network security cloud security mobile security API security etc.
Understanding of DevOps practices and tools used in cloud environments such as continuous integration/continuous deployment (CI/CD) pipelines and containerization.
Knowledge of risk management frameworks and methodologies to identify assess and manage risks.
Proven experience in risk management within the fintech sector is a plus.
An advanced degree (e.g. MS with concentration in information systems) is a plus.
Certificates in information security or IT risk management (CISSP CEH OSCP CISA CISM CRISC ISO27001 and/or other) is a plus.
Proficiency in using risk management software tools and agile methodologies is highly preferred.
An ability to navigate and thrive in a technology-driven environment with a strategic mindset towards leveraging technology in risk management to transform our day-to-day.
Fluent in English and Spanish with exceptional communication skills to articulate complex risk scenarios and strategies effectively.

Location for this opportunity (City Country)

Mexico City Mexico

Our Benefits

Chance of earning equity at Nubank
Food/ Meal Card (Vale-Refeição and/or Vale Alimentação)
Public Transportation Commuting Benefit (Vale-Transporte)
NuCare Psychological Financial and Legal Assistance Program
Life Insurance
Medical Plan
Dental Plan
NuLanguage Language Course Program
Nucleo - Our learning platform of courses
Extended Parental Leave
Daycare Allowance
Parental Consultancy
Work-from-home Allowance
Gym Partnerships
30 days of paid vacation
Relocation Assistance Package if applicable

Work Model for this Role

Our hybrid work model brings us to the office at least twice a week on strategic days designed to maximize team connection and collaboration. For more details visit how we build technology at Nubank:

Listen to our stories on Spotify

Required Experience:

Senior IC

Key Skills

Apply Now

About Company

Nubank

Você finalmente no controle do seu dinheiro. Controle total do cartão de crédito e da conta 100% digital

View Profile View Profile

AI AutoApply

Apply to 100+ jobs with one click

AI Resume Builder

Create an ATS-ready CV in minutes

AI Cover Letter

Write a personalized letter instantly

Senior Cyber & IT Risk

Mexico City - Mexico

Job Summary

About Us

Youll be responsible for

We are looking for a person who has

Our Benefits

Work Model for this Role

About Us

Youll be responsible for

We are looking for a person who has

Our Benefits

Work Model for this Role

Key Skills

About Company

Related Jobs