Senior Security Engineer - Risks and Controls

nubank

Job Summary

Nubank, founded in 2013, aims to revolutionize the financial system in Latin America through innovative technology and customer service. It's a global company with offices in Brazil, Mexico, Colombia, US, and Germany. The IAM Matrix Team, part of IAM Governance and Operations, ensures compliance with regulations like SOX, BSM, and PCI-DSS. The Senior Security Engineer will identify risks (SAT, SOD), support the first line of defense in classifying operational risks, and assist auditors in control evaluation, managing annual schedules and KPIs for risk matrices.

Must Have

  • Evaluate and classify permission risks for systems under regulations such as SOX and BSM.
  • Cross-check with application owners the operational risks involving their areas in order to map SOD cross activities and transactions.
  • Be able to assist the auditors and explain the rationale behind the mapped activities and risks.
  • Manage the annual schedule with all matrices to be delivered, considering the scope of systems to be reviewed and onboarded.
  • Manage the KPIs of delivered tasks, monitoring and giving visibility to stakeholders about possible problems in the annual schedule.
  • Be able to guide the engineers in developing safe and useful systems.
  • Experience with risks, controls, and processes.
  • Process mapping.
  • Familiarity with the access life cycle.
  • Good knowledge about systems such as GitHub, AWS and SAP.
  • High-level communication (written and spoken).
  • Negotiation skills.
  • Critical thinking.
  • Experience with the SOX Act, BSM, and PCI-DSS regulations.
  • Ability to think critically and solve problems, create win-win solutions.
  • Advanced English.
  • At least 5 years of experience in a risk and control environment.
  • Personally developed, maintained, or reviewed a Risk Control Matrix (RCM) or an SOD Matrix.
  • Managed the annual schedule of risk matrices, including defining KPIs and tracking delivery dates across multiple areas.
  • Practical experience analyzing and classifying permission structures specifically within cloud environments like AWS or ERPs like SAP.

Good to Have

  • Knowledge of programming, queries and ETLs.

Perks & Benefits

  • Health, dental and life insurance
  • Meal allowance
  • Transportation assistance
  • 30 days of paid vacation
  • Equity at Nubank
  • Parking partnership - discounted parking in our office
  • Free bike parking with showers available
  • NuCare - Our mental health and wellness assistance program
  • NuLanguage - Our language learning program
  • Gympass partnership
  • Extended maternity and paternity leaves
  • Child care allowance
  • ‘Espaço Feijão’ - Private nursing and breastfeeding spaces in our buildings
  • Onsite Health Center - Medical support for every Nubanker in our office

Job Description

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in São Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.

About the Team

The IAM Matrix Team is part of the IAM Governance and Operations Team. Its main responsibility is to be compliant with regulations such as the SOX Act, BSM (NuInvest), and PCI-DSS, among others.

About the Role

The IAM Matrix analyst will be a key person who is able to identify risks such as SAT (sensitive access transaction) and SOD (segregation of duties), support the 1st line of defense in classifying operational risks involving SOX and/or BSM (PQO) processes, and support the auditors in control evaluation.

Responsibilities

  • Evaluate and classify permission risks for systems under regulations such as SOX and BSM.
  • Cross-check with application owners the operational risks involving their areas in order to map SOD cross activities and transactions.
  • Be able to assist the auditors and explain the rationale behind the mapped activities and risks.
  • Manage the annual schedule with all matrices to be delivered, considering the scope of systems to be reviewed and onboarded.
  • Manage the KPIs of delivered tasks, monitoring and giving visibility to stakeholders about possible problems in the annual schedule.
  • Be able to guide the engineers in developing safe and useful systems.

Required Skills and Expertise

  • Risks, controls, and processes.
  • Process mapping.
  • Familiarity with the access life cycle.
  • Good knowledge about systems such as GitHub, AWS and SAP.
  • High-level communication (written and spoken).
  • Negotiation skills.
  • Critical thinking.
  • Experience with the SOX Act, BSM, and PCI-DSS regulations.
  • Ability to think critically and solve problems, create win-win solutions.
  • Knowledge of programming, queries and ETLs will be an advantage.
  • Advanced English.

Role Location

This position is based in São Paulo, SP, Brazil.

Work mode:

2 times per week in 2026

3 times per week in 2027
