Lead Security Engineer - Internal Controls
Job Description
- Support definition and implementation of internal controls methodology
- Conduct comprehensive assessments of internal controls
- Identify gaps and improvement opportunities
- Lead control reviews and facilitate discussions
- Work closely with Risk teams
- Prepare audit reports and dashboards
- Support response to audit requests
- Mentor and guide junior analysts
- Collaborate with Engineering, Product, IT teams
- Lead internal controls, audit, risk, compliance initiatives
- Design and implement compliance processes
- Knowledge of regulatory landscape (SOx, BACEN, SEC)
- Familiarity with cybersecurity frameworks (PCI-DSS, ISO 27k, NIST)
- Evaluate and implement controls in cloud environments
- Excellent analytical skills
- Proficiency in project management
- Proficiency in technical and risk assessment
- Advanced English proficiency
- Health, dental and life insurance
- Meal allowance
- Transportation assistance
- 30 days of paid vacation
- Equity at Nubank
- Parking partnership
- Free bike parking with showers
- NuCare - Mental health and wellness assistance
- NuLanguage - Language learning program
- Gympass partnership
- Extended maternity and paternity leaves
- Child care allowance
- Espaço Feijão - Private nursing and breastfeeding spaces
- Onsite Health Center
About Nubank
Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.
Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.
About the team
The Governance, Risk and Compliance (GRC) team enables Nubank to ensure compliance with legal, regulatory, and internal requirements, while continuously identifying, classifying, and monitoring risks, and providing strategic insights and performance evaluation to leadership.
GRC squad is responsible for collaborating with multidisciplinary teams to drive alignment between our technology security strategy and Nubank's overall objectives. We ensure that identified risks are mitigated, empowering risk-based decision-making by leadership both within and beyond the IT and Security Business Unit.
As a Lead Security Engineer, you will:
- Support the definition and implementation of the internal controls methodology.
- Conduct comprehensive assessments of internal controls to ensure adherence to company policies, legal requirements, and industry standards.
- Identify gaps and improvement opportunities within the internal controls landscape.
- Lead control reviews and facilitate discussions to ensure timely resolution of identified issues.
- Work closely with the Risk teams to align on mitigation of identified risks.
- Prepare clear and concise audit reports around findings and action plans, and dashboards for management and relevant stakeholders
- Support the response to audit requests, regulatory inquiries and due diligence from business partners.
- Mentor and guide junior analysts in the team, fostering a culture of continuous improvement and learning.
- Work closely with Engineering, Product, IT, and other multidisciplinary and global teams to integrate compliance requirements into processes and systems
We are looking for a professional who has:
- Prior experience leading internal controls, audit, risk, and compliance initiatives.
- Proven expertise in designing and implementing compliance processes.
- Knowledge on the regulatory landscape, including but not limited to SOx, BACEN, CVM, CNBV, ANBIMA, SEC, and other relevant regulations.
- Familiarity with diverse cybersecurity domains and concepts such as PCI-DSS, ISO 27k family, NIST, ITIL, COBIT and similar frameworks.
- Experienced in evaluating and implementing controls in cloud environments (e.g. AWS, GCP).
- Excellent analytical skills with the ability to interpret complex data and translate findings into actionable insights.
- Proficiency in project management and leading process improvement initiatives.
- Proficiency in technical and risk assessment, with the ability to effectively communicate and collaborate with engineers, business process owners, auditors, and other stakeholders to translate complex technical concepts into actionable projects.
- Advanced English proficiency for both written and spoken communication.
Role Location
Benefits
- Health, dental and life insurance
- Meal allowance
- Transportation assistance
- 30 days of paid vacation
- Equity at Nubank
- Parking partnership - discounted parking in our office
- Free bike parking with showers available
- NuCare - Our mental health and wellness assistance program
- NuLanguage - Our language learning program
- Gympass partnership
- Extended maternity and paternity Leaves
- Child care allowance
- ‘Espaço Feijão’- Private nursing and breastfeeding spaces in our buildings
- Onsite Health Center - Medical support for every Nubanker in our office
Diversity & Inclusion
At Nubank, we want to be sure that we're building a more diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as enriching elements to our company while ensuring neither of them represent a barrier when recruiting fantastic talent.
