Attorney – Privacy Governance, ECA Digital

This is a fully remote position, open to applicants in Brazil.

📋 Description

• KPI and Process Improvement Management: Design, revise, and consistently track the KPIs, KRs, and KRIs of the department, with an emphasis on incidents, vulnerability remediation, and third-party compliance;

• Review and Escalation: Serve as the technical review authority for outputs from other analysts, utilizing critical thinking to pinpoint obstacles and execute precise escalations to the coordination team;

• Executive Communication and Storytelling: Develop high-impact executive presentations that effectively communicate the security posture and progress towards the 2026 objectives;

• AI and Emerging Technologies Governance: Assist the coordination team in implementing frameworks (ISO 42001, NIST AI RMF) for AI initiatives, guaranteeing that innovation is both ethical and secure;

• Privacy and ECA Digital: Ensure adherence to ECA Digital and LGPD processes, facilitating Privacy by Design oversight for new products and services;

• Visibility: Excel in creating dashboards using Looker, Power BI, or Grafana to convert maturity and risks into actionable, real-time insights;

• 360° Risk Management: Conduct and defend risk assessments that link technical failures (e.g., vulnerability backlog) to tangible business consequences.

⛳️ Requirements

• Senior experience in GRC with an emphasis on Information Security: Strong expertise in frameworks (NIST CSF, CIS Controls, ISO 27001/27002/27005/29134);

• Proficiency with Visualization Tools: Extensive hands-on experience with Looker, Power BI, Grafana, or similar tools for managing indicators;

• Privacy Knowledge: In-depth understanding of LGPD, familiarity with ECA Digital requirements, and principles of AI governance;

• Metrics Management: Proven experience in defining and monitoring KRs and KRIs within Information Security frameworks;

• Synthesis Ability: Outstanding capability in crafting executive presentations for leadership forums and committees;

• Knowledge of Security Best Practices: Comprehension of Security by Design concepts, vulnerability management, and incident response;

• Critical Thinking: Proficient in analyzing data to discern what requires reporting or remediation;

• Organization and Accountability: Strong discipline to maintain updated KPI controls and drive progress among the team’s analysts;

• Systemic View: Awareness of how delays in resolving vulnerabilities affect overall resilience key results;

• Influence and Stakeholder Management: Skill in guiding colleagues and establishing trust with cross-functional partners.

🏝️ Benefits

• Meal allowance and/or food voucher

• Health and dental insurance

• Transportation allowance

• Enhanced maternity and paternity leave

• Childcare assistance

• Health & wellbeing support: partnerships with Wellhub and Zenklub

• Education support/incentives

• Discounted airline tickets

• Partnered pet health insurance

• Access to Arco educational materials for employees’ children

• Partnerships for MBA and postgraduate programs