Endpoint Protection (WAF/Firewall, Antivírus, and Posture Tools)• Identify and block malicious activities and common attacks in web traffic.• Capture detailed information about web traffic for analysis and incident investigation.• Customize WAF rules to address specific security requirements.• Stay up to date with the latest threats and attack techniques to update the WAF.• Receive immediate notifications regarding suspicious activities or attacks.Vulnerability Management• Assess the impact of identified vulnerabilities.• Prioritize the resolution of vulnerabilities.• Implement measures to mitigate or eliminate vulnerabilities.• Continuously monitor for new vulnerabilities and ensure the effectiveness of mitigation efforts.• Integrate vulnerability management into the development lifecycle.Cloud Security• Develop and implement strategies for cloud environment protection.• Evaluate and select secure cloud service providers.• Configure and manage cloud security controls.• Establish cloud security policies and guidelines.• Continuously monitor cloud security threats and incidents.• Review cloud architecture for security best practices.• Collaborate with development and operations teams to integrate security.SOC - Threat Intelligence• Investigate and analyze cybersecurity events and incidents.• Identify the root cause of intrusions and make real-time decisions.• Monitor computer networks for security issues using SIEM and IDS/IPS technologies.• Conduct technical investigations to determine the root cause of intrusions and make real-time incident decisions.Responsibilities Activities: Providing cybersecurity consulting services to assist with projects.These activities are supported by the implementation and maintenance of various tools, such as Intune, Azure AD, Microsoft Defender, Lansweeper, Fortgate, SonicWall, Nessus, OWASP Zap, Grafana, WAF, GuardDuty, Inspector, CloudMapper, ORCA Security, OpenVAS, DefectDojo, Qradar, and Apura.

• Document and track risks and recommendations based on lack of vendor control.• Coordinate and conduct supplier reviews.• Study government legislation and advise the supplier or company on how to comply with these regulations.• Manage the third-party risk management program.• Work with multidisciplinary teams, including IT, human resources, contracts, and security, to address potential compliance issues and achieve data privacy program initiatives, providing support as needed to Legal and Compliance.• Ensure compliance and provide input to security policies, standards, and procedures. Perform all tasks in compliance with security control requirements.• Present reports and recommendation presentations for improvements and enhancements based on research or findings.• Analyze and approve the implementation of vendor management tools and processes in coordination with the procurement, accounting, and legal departments for the supplier review process.• Monitor and present project risks to senior management through ongoing processes of identification, assessment, tracking, development, and execution of risk mitigation strategies during project development.• Monitor, track, and report supplier compliance with information security standards.• Examine areas that pose threats to the vendor's or organization's financial assets while recommending solutions to minimize risks.• Conduct information security analyses of key vendors and all externally hosted and developed sites.• Support internal and external audits (Vulnerability Management Initiatives), tracking audit measures, resolution tasks, and reviewing compliance evidence.

• Document and track risks and recommendations based on lack of vendor control.• Coordinate and conduct supplier reviews.• Study government legislation and advise the supplier or company on how to comply with these regulations.• Manage the third-party risk management program.• Work with multidisciplinary teams, including IT, human resources, contracts, and security, to address potential compliance issues and achieve data privacy program initiatives, providing support as needed to Legal and Compliance.• Ensure compliance and provide input to security policies, standards, and procedures. Perform all tasks in compliance with security control requirements.• Present reports and recommendation presentations for improvements and enhancements based on research or findings.• Analyze and approve the implementation of vendor management tools and processes in coordination with the procurement, accounting, and legal departments for the supplier review process.• Monitor and present project risks to senior management through ongoing processes of identification, assessment, tracking, development, and execution of risk mitigation strategies during project development.• Monitor, track, and report supplier compliance with information security standards.• Examine areas that pose threats to the vendor's or organization's financial assets while recommending solutions to minimize risks.• Conduct information security analyses of key vendors and all externally hosted and developed sites.• Support internal and external audits (Vulnerability Management Initiatives), tracking audit measures, resolution tasks, and reviewing compliance evidence.

• Development of a privacy governance program to ensure compliance with regulations and privacy policies.• Conducting Data Mapping (ROPA) to identify and record data processing activities, ensuring transparency and compliance.• Development of privacy risk management and risk analysis (PIA/DPIA) to assess and mitigate risks associated with personal data processing.• Implementation of an awareness and training program to promote a culture of security and privacy among employees, empowering them to handle data protection issues.• Collaboration with engineering teams on data protection architecture, ensuring that systems and applications align with security and privacy principles.• Implementation and continuous monitoring of security and privacy measures, ensuring compliance with regulations and the effectiveness of implemented policies and controls.• Operationalization of data subject rights management, ensuring the availability of processes and channels for individuals to exercise their privacy and data protection rights.

• Development of a privacy governance program to ensure compliance with regulations and privacy policies.• Conducting Data Mapping (ROPA) to identify and record data processing activities, ensuring transparency and compliance.• Development of privacy risk management and risk analysis (PIA/DPIA) to assess and mitigate risks associated with personal data processing.• Collaboration with engineering teams on data protection architecture, ensuring that systems and applications align with security and privacy principles.• Implementation and continuous monitoring of security and privacy measures, ensuring compliance with regulations and the effectiveness of implemented policies and controls.• Operationalization of data subject rights management, ensuring the availability of processes and channels for individuals to exercise their privacy and data protection rights.• Participation in projects by providing and identifying improvements in data security and privacy.• Awareness and Training for new employees (Onboarding) on their responsibilities and key security points of the company.• Presenting reports and recommendation presentations for improvements and enhancements based on research or findings.• Monitoring and reporting on vendors and business partners' compliance with information security standards.• Supporting internal and external audits (Vulnerability Management Initiatives), tracking audit measures, resolution tasks, and reviewing compliance evidence.

• Development of a privacy governance program to ensure compliance with regulations and privacy policies.• Conducting Data Mapping (ROPA) to identify and record data processing activities, ensuring transparency and compliance.• Development of privacy risk management and risk analysis (PIA/DPIA) to assess and mitigate risks associated with personal data processing.• Implementation of an awareness and training program to promote a culture of security and privacy among employees, empowering them to handle data protection issues.• Collaboration with engineering teams on data protection architecture, ensuring that systems and applications align with security and privacy principles.• Implementation and continuous monitoring of security and privacy measures, ensuring compliance with regulations and the effectiveness of implemented policies and controls.• Operationalization of data subject rights management, ensuring the availability of processes and channels for individuals to exercise their privacy and data protection rights.

Implementation of key information security frameworks: ISO27001 (ISMS implementation), NIST, CIS CONTROLS, PCI DSS, and relevant regulations and standards in the Brazilian and international markets: Bacen-4658; LGPD - 13709/2018 (Brazilian General Data Protection Law); GDPR (General Data Protection Regulation of the EU).Strategic Activities:• Information Security Management• Gap analysis• Information Security Governance• Information Security Incident Management• Legislation, Regulation, and Compliance• Business Continuity Management• Information Security Risk Management• Awareness and training of new employees (Onboarding) on their responsibilities and key security points of the company.• Study government legislation and advise suppliers or companies on compliance.• Work with multidisciplinary teams to address compliance issues and achieve data privacy program initiatives, providing support to the Legal and Compliance departments as needed.• Present reports and improvement recommendations based on research or findings.• Monitor and report on supplier compliance with information security standards.• Support internal and external audits by tracking audit measures and reviewing evidence of compliance.Furthermore, document and track risks and recommendations related to supplier control, coordinate supplier reviews, manage third-party risk, ensure compliance with security policies, and analyze vendor management and information security. Monitor project risks, examine threats to financial assets, and conduct security analyses of vendors and externally hosted sites.

Activities: - Provide maintenance on computer networks.- Prevent physical and/or logical intrusions.- Define and maintain access control to resources.- Install, configure, and update antivirus and antispyware programs.- Install and maintain various operating systems.- Install and maintain digital communication channels (email, web, FTP, VPN, etc.).- Define bandwidth access control for web usage.- Define content control policies.- Configure email accounts.- Interconnect possible branches through WAN using VPNs or other resources.- Install and maintain database management systems (DBMS).- Provide support to company or organization users.

Activities: - Provide maintenance on computer networks.- Prevent physical and/or logical intrusions.- Define and maintain access control to resources.- Install, configure, and update antivirus and antispyware programs.- Install and maintain various operating systems.- Install and maintain digital communication channels (email, web, FTP, VPN, etc.).- Define bandwidth access control for web usage.- Define content control policies.- Configure email accounts.- Interconnect possible branches through WAN using VPNs or other resources.- Install and maintain database management systems (DBMS).- Provide support to company or organization users.