About Us

Nu was born in 2013 with the mission to fight complexity to empower people in their daily lives by reinventing financial services. We are one of the world’s largest digital banking platforms, serving millions of customers across Brazil, Mexico, and Colombia. For more information, visit our institutional page https://international.nubank.com.br/careers/

About the Role

The Risk Management Analyst - IT & Cyber Risk is a subject matter expert in IT and cybersecurity risk management who will be responsible for conducting risk assessments on IT and cybersecurity products, features and critical components of Nubank's ecosystem, implementing IT Risk control tests automations, for monitoring IT and cybersecurity incidents to identify potential systematic flaws and ensure that identified risks are properly controlled and mitigated. In this role, you will have contact with different technologies and will have the opportunity to develop your knowledge in the most cutting edge technology. You will also work closely with Infosec and Engineering teams while being mindful of business requirements.

As an IT Risk Management Senior Analyst you'll be expected to:

• Conduct regular risk assessments on existing IT systems, applications (e.g., microservices, APIs, webapps, mobile apps, etc.)  and telecommunications infrastructure to verify the sufficiency and effectiveness of the IT and cybersecurity controls in place, identify potential risks, and define action plans for risk mitigation.
• Perform risk assessments on external APIs and their infrastructure to assess their security posture and ensure that proper controls to mitigate risks are in place.
• Provide subject matter expertise in IT and cybersecurity risk during the implementation of new IT systems, telecommunication infrastructure, and third-party services, as well as on major changes in existing technology supporting business products in Colombia.
• Monitor IT and cybersecurity incidents to identify potential systematic flaws that require improvements on the IT control environment. Analize incident information and other available documentation about associated existing processes and technology, identify alternatives for risk mitigation, and connect the action plans with the risk governance methodology of the firm.
• Implement available IT Risk control tests automations and ensure that identified risks are properly controlled and mitigated.
  
  

We are looking for an IT Risk Management Senior Analyst  who has:

• Minimum of 3 years of experience in Cybersecurity operations or Non Financial Risk Management
• Bachelors’ degree in Computer Science, MIS business, or equivalent experience
• In-depth knowledge of IT and cybersecurity risk management concepts, practices and methods
• Fluency in English and Spanish.
• Understanding of cloud computing models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Familiarity with cloud providers and serverless technologies
• Understanding of cybersecurity concepts such as confidentiality, integrity and availability;  supply chain risks, cryptography, endpoint and network security, cloud security, mobile security, API security, etc.
• Understanding of DevOps practices and tools used in cloud environments, such as continuous integration/continuous deployment (CI/CD) pipelines and containerization
• Knowledge of risk management frameworks and methodologies to identify, assess and manage IT risks
• Advanced knowledge in frameworks such as MITRE or NIST.

Core Benefits:

• Equity at Nubank
• Health insurance
• Vacations of 15 workdays
• Nu Language - Language learning program
• Parental leaves

The position is based in Bogotá, Colombia.

Nubank continues to hire for all open roles, all interviewing and onboarding is done virtually. Everyone new to the team and our current staff will be working from home for 7-8 weeks and 1 at the office (Bogotá).