Position Summary: We are seeking an information security professional with experience in auditing, risk management, and technical control analysis. Key Highlights: 1. Information security and risk management experience 2. Technical control analysis and report writing 3. On-site visits and interviews with third parties Join Stefanini! At Stefanini, we are more than 30,000 geniuses, connected from 41 countries, doing what they love and co-creating a better future. **You definitely don’t want to miss this!** **Responsibilities and Duties** * 2–3 years of experience in information security, specifically in areas or projects related to auditing or risk management. * Knowledge of ISO/IEC 27001 standard and risk management. * Competence in analyzing information security technical controls, validating policies, procedures, and technical evidence. * Strong communication skills to facilitate meetings and interviews with representatives of third parties providing services to Rimac. * Ability to conduct on-site visits, including collecting evidence of information security technical controls and analyzing configurations of security solutions (antivirus, antimalware, disk encryption, DLP, etc.). * Experience in preparing technical and risk reports with clear, prioritized recommendations. **Requirements and Qualifications** **Initiation and Understanding:** * Identify key technical and organizational controls. * Understand the vendor’s services and gather preliminary information. * Conduct interviews with third-party representatives. **Evidence Collection:** * Review basic documents such as policies and compliance certificates. * Validate advanced configurations and technical documentation (logs, specific policies). **Auditing:** * Visit vendors to audit critical controls on-site. * Validate implementation of sensitive data protection systems. **Analysis:** * Validate simple evidence (e.g., valid certificates). * Escalate minor inconsistencies. * Identify medium-level gaps and risks. * Propose initial recommendations. * Evaluate critical controls and generate high-impact findings. * Develop prioritized action plans to mitigate significant risks. **Deliverables:** * Generate a preliminary report containing low-criticality findings. * Prepare detailed compliance reports. * Draft comprehensive reports covering risks and strategic mitigation plans. * Present critical findings and recommendations in high-level meetings. Looking for a place where your ideas shine? With over 38 years of experience and a global presence, Stefanini transforms tomorrow—together. Here, every action matters, and every idea can make a difference. Join a team that values innovation, respect, and commitment. If you are a disruptive individual, committed to continuous learning, and innovation is in your DNA, then we are exactly what you’re looking for. Come and let’s build a better future—together!