Position Summary: We are seeking an information security professional with experience in auditing and risk management, technical control analysis, and report writing. Key Highlights: 1. Experience in information security auditing and risk management. 2. Skills in technical control analysis and report writing. 3. Being part of a global team that values innovation and respect. Join Stefanini! At Stefanini, we are more than 30,000 geniuses connected from 41 countries, doing what they love and co-creating a better future. **You definitely don’t want to miss out!** **Responsibilities and Duties** * 2–3 years of experience in information security, specifically in areas or projects related to auditing or risk management. * Knowledge of ISO/IEC 27001 standard and risk management. * Competence in analyzing information security technical controls, validating policies, procedures, and technical evidence. * Strong communication skills to facilitate meetings and interviews with third-party representatives providing services to Rimac. * Ability to conduct on-site visits, including collecting evidence of technical security controls and analyzing configurations of security solutions (antivirus, antimalware, disk encryption, DLP, etc.). * Experience in preparing technical and risk reports with clear, prioritized recommendations. **Requirements and Qualifications** **Initiation and Understanding:** * Identify key technical and organizational controls. * Understand the vendor’s services and collect initial information. * Conduct interviews with third-party representatives. **Evidence Collection:** * Review basic documents such as policies and compliance certificates. * Validate advanced configurations and technical documentation (logs, specific policies). **Auditing:** * Visit vendors to conduct on-site audits of critical controls. * Validate implementation of sensitive data protection systems. **Analysis:** * Validate simple evidence (e.g., valid certificates). * Escalate minor inconsistencies. * Identify medium-level gaps and risks. * Propose initial recommendations. * Evaluate critical controls and generate high-impact findings. * Develop prioritized action plans to mitigate significant risks. **Results:** * Generate a preliminary report with low-criticality findings. * Prepare detailed compliance reports. * Draft comprehensive reports with risks and strategic mitigation plans. * Present critical findings and recommendations in high-level meetings. Are you looking for a place where your ideas shine? With over 38 years of experience and a global presence, Stefanini transforms tomorrow—together. Here, every action matters and every idea can make a difference. Join a team that values innovation, respect, and commitment. If you are a disruptive individual, committed to continuous learning, and innovation is in your DNA, then we’re exactly what you’re looking for. Come and let’s build a better future—together!