Grupo QuintoAndar | Staff Security Engineer (GRC)

Cybersecurity São Paulo Brazil Remote Senior Full-TimeMar 10, 2026

Core Responsibilities

The role involves evolving the Information Security strategic plan based on risk exposure and maturity, and leading the end-to-end information security risk management process, including identification, assessment, and executive reporting. Key fronts include policies, third-party risk, incident governance, and contributing to AI governance and security.

Requirements

Candidates must have solid experience (7+ years) in Information Security GRC with practical performance in dynamic corporate environments, including leading risk management, governance, and third-party risk programs. A strong understanding of frameworks like NIST CSF 2.0, ISO 27001, and CIS is required, along with the ability to discuss security controls in depth across cloud, IAM, and data protection topics.

Key Skills & Technologies

Information Security GRC Risk Management Governance Compliance Frameworks Audits Controls Architecture Third Parties

Additional Information

Experience Level

5-10

Job Language

English

Work Mode

Remote