Senior IT Governance Analyst – Changes, Vulnerabilities

This is a fully remote position, open to applicants in Brazil.

📋 Description

• Oversee the governance of the vulnerability management process, ensuring prioritization, monitoring, and remediation based on criticality, exposure, and business impact.

• Manage and oversee the backlog of critical and high vulnerabilities, ensuring visibility, traceability, and compliance with service level agreements (SLAs).

• Lead and supervise the change management process (GMUD), ensuring adherence to established workflows, approved timeframes, and best practices.

• Technically validate changes related to vulnerability remediation, ensuring compliance and the mitigation of operational risks.

• Analyze risks associated with changes, including conducting impact assessments, rollback plans, and failure mitigation strategies.

• Ensure comprehensive documentation, evidence, and traceability for audit purposes.

• Monitor and report on key performance indicators (KPIs) such as remediation SLAs, change success rates, and vulnerability backlogs.

• Analyze recurring issues and recommend continuous improvements to processes.

• Support the definition and evolution of governance policies, standards, and procedures.

• Act as a liaison between technical teams (infrastructure, security, and operations) and governance.

• Manage exceptions, accepted risks, and corresponding action plans.

• Ensure compliance with ITIL processes, including Change, Incident, and Problem Management.

• Assist in internal and external audits.

• Contribute to the ongoing enhancement of IT governance processes.

⛳️ Requirements

• Experience with change management (Change Management / GMUD).

• Proficiency in vulnerability management and remediation tracking.

• Knowledge of risk-based prioritization, focusing on criticality, exposure, and business impact.

• Familiarity with ITIL frameworks, including Change, Incident, and Problem Management.

• Experience with SLAs, metrics, and dashboard reporting.

• Strong analytical skills for evaluating risks and making informed decisions.

• Experience in preparing detailed reports and metrics.

• Excellent communication skills for interacting with technical teams and stakeholders.

• Familiarity with both Windows and Linux/Unix environments.

• Experience with vulnerability management tools such as Qualys, Tenable, or similar platforms.

• Background in environments with structured change processes (CAB, GMUD, controlled change windows).

• Understanding of vulnerability classification standards (CVSS).

🏝️ Benefits

• Competitive salary and comprehensive benefits package.

• Opportunities for professional development and growth.

• A collaborative and dynamic work environment.

• Flexible working hours and remote work options.