Lead incidents on local, regional, and global scales, setting goals and prioritizing tasksBe part of a Global 24/7 follow-the-sun teamDrive continuous improvement and increases efficiency through standardization and automationWork independently and with management on complex projectsContribute to major, global scale incidents by conducting root cause analysis and writing summaries or reportsPartner with analysts, managers, and other stakeholders to identify opportunities for systemic improvement in monitoring and processesEstablish and perform knowledge management activities, such as lessons learned, knowledge-based articles, and trainingsDesign, implement, and verify new detection mechanismsConduct investigations and forensics on internal and cloud assetsSupport other SAP teams in their day-to-day business activities

Execute complex projects both independently and with the support of the managementContribute to major, global scale incidents by conducting root cause analysis and crafting summaries or reportsTeam up with analysts, managers, and other stakeholders to identify opportunities for systemic improvement in monitoring and processesEstablish and carry out knowledge management activities such as lessons learned, knowledge-based articles, and training sessionsDesign, implement, and verify new detection mechanismsConduct investigations and forensics on internal and cloud assetsManage events at the local, regional, and global levels, establishing objectives and arranging tasks accordinglyBe part of a Global 24/7 follow-the-sun teamImprove the quality and proficiency of the systems through standardization and automationSupport other SAP Concur teams in their day-to-day business activities

Responsible for knowledge transfer within D1xZenvia's Merge & Acquisition process for the Cloud, Information Security, and Cyber Defense areas.Work in internal and external reviews for security frameworks like PCI-DSS, and ISO 27001.Respond to all stakeholders' security due diligence requests.Work with other teams to identify and implement the best security solutions/architecture.

Coordinate internal and external reviews for security frameworks like PCI-DSS, and ISAE 3402 (SOC 2).Perform vulnerability management/audits and delivery of pentest assessments.Respond to partners/clients’ security due diligence requests.Responsible for defensive and offensive security management.Support, and review cyber incident handling and response actions to ensure proper assessment, containment, mitigation, and documentation.Work together with other teams to identify and implement the best security solutions/architect for the company.

Responsible for the strategy, planning, and continuous improvement of new and current security technologies, procedures, and processes.Respond to partners/clients’ security due diligence requests.Perform vulnerability management/audits, and delivery of pentest assessments.Creating, reviewing, and maintaining security policy, standards, and procedures.Coordinate internal and external reviews for security frameworks, e.g ISO 27001, PCI-DSS, SOC, LGPD/GDPR.Ability to apply risk-based decisions balancing cost/opportunity and risk.Develop the strategy, goals, and objectives for the information security training, education, and awareness program.

Improvements in the environment focusing on security, and cost reduction;Work together with the engineering team to identify and implement the best cloud-based solutions for the company;Define and document best practices and strategies concerning application deployment and infrastructure maintenance;Provide guidance, innovative leadership, and mentoring to staff development to develop cloud competencies;Ensure application performance, uptime, and scale, maintaining high standards of code quality and intelligent design;Management of cloud environments according to the guidelines of the company's security standards (ISO 27001, LGPD, and PCI-DSS).

Resport directly to CISO.Responsible for the strategy, planning, and continuous improvement of new and current security technologies, tools, and architecture.Establish and Monitor InfoSec's KPIs, and Goals.

Analyze existing computer systems and make recommendations for upgrades and improvements.Develop policies, procedures, security protocols, and recovery plans.Plan, implement, manage, monitor, and upgrade security measures for the protection of the organization's data, systems, and networks.Troubleshooting to all system and/or network security breaches.Ensure that the organization's data and infrastructure are protected by enabling the appropriate security controls.Implement security, risk management, and data privacy policies complying with regulations. (BACEN, ISO 27001, PCI-DSS, LGPD/GDPR)Manage, develop, and plan cloud solutions following best practices (GCP, Azure, and AWS).Delegate tasks and develop budgets and work schedules.Recruit, train, evaluate, and lead staff members.Stay up-to-date with field advancements and ensure the team receives refresher training as well.

Support Assurance, Internal Controls, Risk Advisory Services, and Fraud Investigation & Dispute Services.

Working Group that develop Network Tools for RNP; Customer Support and Technology Transference; and QoS