Staff Security Engineer, Risk & Compliance

About Nubank

Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationships with money across Latin America. With operations in Brazil, Mexico, and Colombia, Nubank is today one of the largest digital banking platforms and technology-leading companies in the world.

Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States), and Berlin (Germany). It was founded in 2013 in Sao Paulo, by Colombian David Vélez, and cofounded by Brazilian Cristina Junqueira and American Edward Wible. For more information, visit www.nubank.com.br.

As a Staff Security Engineer, you’re expected to:

• Assess security gaps within the organization, in different technologies and business
• contexts, enabling risk treatment and designing action plans as necessary;
• Develop and implement policies and procedures related to information securit and  risk management;
• Support compliance with regulatory requirements related to security and privacy
• providing visibility and technical guidance on strategies for compliance and possible
• trade-offs based on risk;
• Collaborate with cross-functional teams to understand the business requirements, and
• translate them into technical specifications;
• Define guidelines and best practices on risk management and  business security matters that empower Nubankers to perform their work efficiently and securely;
• Work in a multidisciplinary and global team, interacting with teams mainly in Brazil,
• Mexico, and Colombia;
• Proven experience in designing and implementing security controls;
• Familiarity with different domains and concepts of cyber security;
• Strong inclination towards data-driven decision-making.

What are we looking for?

• Experience with large-scale distributed environments;
• Analysis of existing business processes and identify potential risks related to information security;
• Experience with risk analysis techniques like risk identification, assessment and prioritization and qualitative and quantitative risk assessment techniques is needed;
• Advanced understanding of cybersecurity principles, risk management frameworks (such as NIST, Cybersecurity Framework, NIST SP 800-30, FAIR, ISO 27001, ISO 27002, ISO 27005, ISO 31000 or COSO);
• Demonstrated expertise in regulatory frameworks applicable to information security and cyber risk management in the financial sector across Brazil, Mexico, and Colombia. This includes, but is not limited to:
• Brazil: BACEN Resolutions (e.g., Res. 4.893, 4.557), LGPD (Lei Geral de Proteção de Dados), and CMN/CVM regulations applicable to financial institutions.
• Mexico: CNBV cybersecurity guidelines, regulatory circulars on operational risk and technological resilience, and compliance expectations set by Banxico.
• Colombia: SFC (Superintendencia Financiera de Colombia) regulations related to technology risk, including Circular Externa 007 and guidelines for cybersecurity governance and incident reporting.
• Ability to map and interpret cross-country requirements, translate them into actionable controls, and advise on compliance strategies in a fast-paced, tech-driven financial environment essential.

Role Location

NWW. 

Benefits

• Health, dental and life insurance
• Meal allowance
• Transportation assistance
• 30 days of paid vacation
• Equity at Nubank
• Parking partnership - discounted parking in our office
• Free bike parking with showers available
• NuCare - Our mental health and wellness assistance program
• NuLanguage - Our language learning program
• Gympass partnership
• Extended maternity and paternity Leaves  
• Child care allowance
• ‘Espaço Feijão’- Private nursing and breastfeeding spaces in our buildings
• Onsite Health Center - Medical support for every Nubanker in our office

Diversity & Inclusion

At Nubank, we want to be sure that we're building a more diverse and inclusive workplace that reflects the customers we serve and seek to empower. That's why we hire based on equality. We consider gender, ethnicity, race, religion, sexual orientation, and other identity markers as enriching elements to our company while ensuring neither of them represent a barrier when recruiting fantastic talent.