Information Security & Compliance Manager

About the Role

Crypto.com is seeking a motivated and driven individual to join our Information security and compliance team focused on the Brazil Regulations for Cybersecurity as well as other regulations throughout the Americas. The Information Security & compliance Manager is a project leader focused on providing expert consultation and relationship management with a specific focus on Cybersecurity integration and regulatory compliance and certifications. This position partners with key IT stakeholders, steering committee members, project and integration teams, technical leads, third parties and customers. You are also required to address and review compliance gaps and take a major role of giving recommendations and supporting on remediation activities. You will also be trusted to provide technical advice to ensure that security compliance requirements are met throughout all business units.

Job Responsibilities

• Design, document and update necessary control required to comply with international standards and local regulations including Central Bank of Brazil (BACEN).
• Manage the full life cycle of day-to-day security integration activities including coordination of detailed functional plans, communication with key stakeholders, and issue resolution. Create awareness of cross- functional inter-dependencies and establish prioritization for plan execution to minimize disruption on daily operations.
• Enforce and improve existing due diligence and security integration methods with inputs from core corporate security & compliance team in order to comprehensively assess the target organization's technical environment, security posture and capabilities, and inherit internal and third-party risks. Capture best practices and lessons learned throughout the due diligence period for continuous improvement for future acquisitions.
• Participate in internal and external security and privacy assessments, collecting data inventory and evaluate systems for security monitoring to track effectiveness of security controls in considering organizational security posture
• Perform security compliance activities, including conducting annual and project risk & control assessments and third-party assessments, and managing remediation activities.
• Evaluate technical and organizational controls to ensure effectiveness and compliance, including managing the control remediation efforts.
• Ability to weigh business needs against security concerns and recommends necessary changes to enhance information systems security

Qualifications

• Ensure adherence to Resolução BCB 85/2021 and BCB 198.
• Strong experience in BACEN audit preparation and examination
• Advanced English proficiency (reading/writing).
• Strong leadership skills and ability to work effectively with a multi-disciplinary set of stakeholders across different levels and with minimal supervision
• Strong understanding of the business impact of security tools, processes and policies as well as high proficiency in how to assess risk and business impact. Solid analytical skills and understanding of processes, technology and operational concepts
• Highly motivated and demonstrated ability and desire to work in a fast-pace and dynamic working environment
• Technical knowledge of IT processes to include configuration management, networking, database management, application coding, availability, data center operations, etc.
• Strong experience in information security, IT audit or IT risk management related roles
• Prefer experience with any of the following: ISO27001 and ISO27701 standards, and data protection regulations and requirements
• Holders of security-related certifications/qualifications will be an advantage (CISSP, CRISC, CISM, CISA, ISO27001 LA, CIPT, CIPP/E, etc.)
• At least 5+ years of relevant security technology experience, in which 2+ years’ experience supporting BACEN regulated activities in a Business or IT role

Preferred:

• Be a friendly team player with a positive attitude
• Demonstrate a strong commitment to personal learning and development
• Detail minded with an analytical mindset
• Good communication skills with an ability to explain complex technical issues to non-technical business users
• Prior experience with project management
• Interest and understanding of Blockchain beneficial but not mandatory
• Proficiency in both spoken and written English