Grupo QuintoAndar | Senior Information Security Specialist (GRC)
About Grupo QuintoAndar
We are Grupo QuintoAndar, the largest real estate ecosystem in Latin America. Guided by a shared purpose of helping people love where they live, we have a diversified portfolio of brands and solutions across different countries in Latin America, covering all phases of the housing journey. We also have a Technology Hub in Portugal. We develop technology and innovation to transform and enhance the overall living experience.
With the support of a world-class team of investors and advisors, including Kaszek, Qualcomm, General Atlantic, and SoftBank, Grupo QuintoAndar is currently valued at over USD 5.1 billion and continues to grow year over year.
Here, you will work with top professionals in the market, in an environment that breathes innovation, collaboration, and high performance. To learn more about our story, visit: https://grupoquintoandar.com/pt/.
Location & Remote Work
Our technology team operates under a "remote-first" model, which means we work from home and can live anywhere in Brazil. We also offer the option of working from our São Paulo offices or partner coworking spaces, up to twice a week.
Hiring Process Stages
The stages of our hiring processes aim to assess your experiences and allow you to meet our teams and explore career opportunities. They are structured as follows:
- Tech Screening
- Technical interviews
- People Interview
- Hiring Committee
About the Team
We are looking for a senior person to help evolve the Information Security GRC discipline, focusing on transforming risks, controls, and requirements into practical business decisions.
This is not a position for someone focused only on frameworks, audits, or documentation. We are looking for someone strong in GRC, but with the technical repertoire to discuss controls, architecture, third parties, identity, data, cloud, and technology in practice.
The goal of this position is to increase the company's security maturity, bring more quality to risk decisions, and ensure that governance and compliance processes are useful in practice, and not just correct on paper.
What we expect from this position
We expect someone who connects Information Security risks to the business context and transforms this into practical action. Someone who moves well between executive and technical discussions, can structure and evolve governance and risk management processes, conducts consistent assessments, orchestrates the evolution of teams, and supports decisions with clarity, credibility, and a focus on results.
We are looking for a profile that goes beyond compliance on paper, understands controls in practice, evaluates their effectiveness, and has the seniority to act on different fronts of the team, such as cyber risks, policies and standards, third-party risk, executive indicators, awareness, incident governance, cyber resilience, and Information Security strategic planning.
Responsibilities
- Contribute to the evolution of the Information Security strategic plan, based on risk exposure, maturity level, market benchmarks, and business impact.
- Conduct the information security risk management process end-to-end, including identification, assessment, prioritization, treatment, acceptance, monitoring, and executive reporting, in alignment with the company's Risk Management framework.
- Lead or support key team fronts, such as policies and standards, third-party cyber risk, incident governance, AI governance, cyber resilience, and awareness programs.
- Conduct maturity assessments and evaluations based on frameworks such as NIST CSF 2.0, ISO 27001, CIS, and SOX, transforming diagnoses into executable action plans.
- Define and monitor indicators, governance forums, committees, and executive materials that provide visibility into risks, controls, projects, and maturity evolution.
- Work in partnership with technical and corporate teams to evaluate controls, coordinate remediations, monitor audits and projects, and support the evolution of Information Security maturity.
- Incorporate the use of AI into role activities, with responsibility and a focus on productivity gains and scale.
- Contribute to the evolution of AI governance and security within the company through a culture of responsible and secure technology adoption, assessing risks, and defining controls.
- Monitor and support internal and external audit activities, ensuring the quality and technical consistency of responses, evidence, and remediation plans.
Requirements
- Solid experience (7+ years) in Information Security GRC, with hands-on work in complex, dynamic, and technology-intensive corporate environments.
- Practical experience in leading Information Security topics related to risk management and analysis, governance, policies, standards, audits, awareness programs, and third-party risk management.
- Consistent knowledge of frameworks and standards such as NIST CSF 2.0, ISO 27001/27002, CIS, SOX, and related security references.
- Ability to discuss security controls with enough depth to evaluate design, coverage, and effectiveness in practice.
- Good understanding of topics such as cloud security, IAM, vulnerability management, data protection, cyber resilience, AI security, incident management, and third-party cyber risk.
- Ability to transform regulatory requirements, risks, and complex topics into clear, pragmatic, and actionable guidance.
- Senior profile with strong execution, influence, and prioritization skills, and the ability to interact with technical, executive, and corporate audiences.
- Good verbal and written communication in Portuguese and English.
Important
- Our hiring process starts with the application! If you truly want to be part of our team, please complete this step of the process. We analyze all candidates individually and provide feedback to all applicants.
- All communication will be conducted via email, so please watch for our messages and add the domain @quintoandar.com.br to your safe senders list so that our emails are not sent to spam.
Benefits
- Competitive salary
- Profit sharing
- Meal allowance
- Health insurance
- Dental plan
- Life insurance
- Childcare subsidy and Atypical Parenthood subsidy
- Wellhub
- Home office allowance
- Employee assistance program (mental health, social, legal, and financial support)
- Extended parental leave
- Day off on birthday, Mother’s Day, and Father’s Day
- Benefits Club (discounts on everyday services)
- Discounts at educational institutions
- Reading kit for children – PlayKids
Diversity & Inclusion at Grupo QuintoAndar
We value diversity and want everyone to feel welcome here, regardless of their age, gender identity, sexual orientation, race, color, ethnicity, origin, disability, religion, or any other characteristic. All our job openings are open to all individuals!
You'll notice there are some diversity questions in the application form. For affirmative action roles, this information may be used to verify your alignment with the target audience for the opportunity. In such cases, it may be used for elimination purposes. For non-affirmative action roles, this data will be used anonymously, exclusively to monitor and improve our inclusion practices in the hiring process, and will have no impact on your application.
Privacy and Data Protection
Grupo QuintoAndar operates in compliance with privacy and data protection laws, including, but not limited to, the Brazilian General Personal Data Protection Law (LGPD) (Law No. 13,709/2018), and ensures the security of your data. To learn more, please access our Privacy Notice for Candidates. For questions or to exercise your rights as a data subject, please contact us through our Service Channel.