Job Summary: We are seeking an information security professional to audit risks, analyze technical controls, and propose recommendations for mitigation. Key Responsibilities: 1. Identify, document, and audit findings, gaps, and non-conformities. 2. Conduct IT risk assessments related to suppliers. 3. Develop prioritized action plans to mitigate significant risks. Join Stefanini! At Stefanini, we are over 30,000 geniuses connected from 41 countries, doing what we love and co-creating a better future. **You definitely don’t want to miss out!** **Responsibilities and Authorities** **Initiation and Understanding:** * Identify key technical and organizational controls. * Understand supplier services and gather initial information. * Conduct interviews with third-party representatives. **Evidence Collection:** * Identify findings, gaps, and non-conformities, documenting evidence and criticality level. * Review foundational documents such as policies and compliance certificates. * Validate advanced configurations and technical documentation (logs, specific policies). **Audit Execution:** * Visit suppliers to conduct on-site audits of critical controls. * Validate implementation of systems protecting sensitive data. * Plan and execute audits with suppliers based on ISO 27001, internal policies, and business requirements. **Analysis:** * Conduct IT risk assessments related to suppliers. * Validate simple evidence (e.g., valid certificates). * Escalate minor inconsistencies. * Identify medium-level gaps and risks. * Propose initial recommendations. * Evaluate critical controls and generate high-impact findings. * Develop prioritized action plans to mitigate significant risks. **Deliverables:** * Generate a preliminary report containing low-criticality findings. * Prepare detailed compliance reports. * Draft comprehensive reports including risks and strategic mitigation plans. * Present critical findings and recommendations in high-level meetings. **Requirements and Qualifications** * 2–3 years of experience in information security, specifically in risk auditing areas or projects. * Demonstrated expertise in ISO/IEC 27001 and risk management. * Competence in analyzing information security technical controls, validating policies, procedures, and technical evidence. * Experience evaluating security controls (technical, administrative, and physical), including review of: policies, procedures, evidence, reports, and configurations. * Strong communication skills to facilitate meetings and interviews with third-party representatives providing services to clients. * Ability to conduct on-site visits, including collecting evidence of technical security controls and analyzing security solution configurations (antivirus, antimalware, disk encryption, DLP, etc.). * Experience drafting technical and risk reports with clear, prioritized recommendations. Are you looking for a place where your ideas shine? With over 38 years of experience and a global presence, at Stefanini we transform tomorrow—together. Here, every action matters, and every idea can make a difference. Join a team that values innovation, respect, and commitment. If you are a disruptive individual, committed to continuous learning, and innovation is in your DNA, then we’re exactly what you’re looking for. Come and let’s build a better future—together!