IT Compliance Analyst

This is a fully remote position, open to applicants in Brazil.

📋 Description

• You will play a pivotal role in the ATE Compliance Program, reporting directly to the Compliance Program Lead.

• Your main objective will be to thoroughly understand PwC compliance standards and assist teams in their proper application.

• This position focuses on control validation, ensuring that controls are well-designed and functioning effectively across ITGC, ISP, and QMS domains.

• You will be tasked with testing controls, reviewing evidence, facilitating audits, responding to requests, supporting escalations, and contributing to the enhancement of controls.

• Key responsibilities include: Testing and validating ITGC controls (primary focus); assessing whether ITGC controls are appropriately designed and functioning as intended; validating controls related to Identity and access management, Change management, Cybersecurity operations, and Database and network controls; facilitating audits and managing compliance evidence; assisting with inquiries and escalations related to controls; supporting remediation processes and ongoing monitoring; engaging with stakeholders and areas involved in the program; aiding in the communication of compliance and risk topics; preparing reports, metrics, and data-driven analyses; and supporting reviews of policies, procedures, and access.

⛳️ Requirements

• Familiarity with control frameworks such as SOC 2, ISO 27001, 7216, and ISP.

• Experience with ITGC and QMS control testing methodologies (including walkthroughs, sampling, re-performance, and inspection).

• Practical understanding of information security policies (ISP) and control frameworks.

• Competence in Microsoft Office, evidence management platforms, GRC tools, and compliance dashboards.

• Knowledge of Access control systems, Identity management, Encryption standards, and Change management processes; awareness of global and local regulatory requirements and quality management systems.

• Risk awareness with the capability to identify and escalate operational and compliance risks.

• Familiarity with vulnerability scanning tools, penetration testing (pentest), and security monitoring.

• Preferred qualifications: CISA (Certified Information Systems Auditor), CRISC (Certified in Risk and Information Systems Control), ISO 27001 Lead Auditor, ISO 42001 or QMS-related certifications, and certifications or specific training in ITGC.

🏝️ Benefits

• Health insurance;

• Dental insurance;

• Food allowance (vale alimentação);

• Meal allowance (vale refeição);

• Mobility allowance;

• Culture allowance;

• Health allowance;

• Education allowance;

• Life insurance;

• Childcare assistance;

• Discounts with partners.