IT Risk Specialist

Nu is one of the largest digital financial platforms in the world, with more than 122 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.

Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.

Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/  

About the Role:

We are a leading fintech company in Mexico, at the forefront of revolutionizing financial services through technology and innovation in Latin America. We are seeking a dynamic and experienced IT Risk Specialist to support the execution of the IT Risk programs and activities within the Non Financial Risk squad in Nu Mexico. This role combines strategic oversight of IT risk management, ensuring our organization is well-positioned to navigate and fight the complexities of the environment.

Key Responsibilities:

• Perform, oversee and provide advisory on the identification, assessment, and mitigation of IT risks, incorporating innovative risk management practices and technology solutions.
• Evaluate existing IT systems, applications (e.g., microservices, webapps, mobile apps, etc.), IT third-party vendors such as SAAS, professional IT services, BPOs, APIs, and telecommunications infrastructure to support the implementation of Risk and Control Self Assessment Program (RCSA).
• Conduct independent control tests to verify the effectiveness of the IT control environment of the company, identify and document IT control gaps, and recommend risk mitigants. 
• Establish and connect action plans for risk mitigation with the risk governance methodology of the firm.
• Execute technology risk assessments on new products & features according to the internal standard methodologies, policies and general practices.
• Generate and submit regulatory reports on IT risk for senior management, regulatory bodies and relevant committees.
• Provide oversight and subject matter expertise in IT and cybersecurity risk during the implementation of new IT systems, telecommunication infrastructure, and third-party services, as well as on relevant changes in existing technology and infrastructures supporting business products in Mexico.
• Monitor Engineering, Data and Cybersecurity incidents, perform independent analysis of root causes and risks, propose action plans to improve the control environment, analyze incident information to generate reports and metrics, and connect the action plans with the risk governance methodology of the firm.
• Support the monitoring of emerging IT & cyber risks, new threats, and infrastructure and application vulnerabilities.
• Enhance and maintain robust frameworks and policies for IT risk management and IT third-party risk management, aligned with global standards and meeting local regulatory requirements.
• Serve as a key advisor to risk leadership and internal stakeholders on IT risk matters, ensuring transparent communication and effective stakeholder management.
• Stay ahead of evolving regulatory guidelines, technological advancements, and industry best practices in risk management, applying insights to strengthen our risk posture.

Requirements:

• Minimum of 5 years of experience in cybersecurity or IT Risk Management.
• Bachelors’ degree in Engineering, Computer Science, Information Technology, a Risk Management related field, or equivalent experience.
• In-depth knowledge of IT and cybersecurity risk management concepts, practices and methods.
• Understanding of cloud computing models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Familiarity with cloud providers like Amazon Web Services (AWS) and serverless technologies.
• Understanding of cybersecurity concepts such as confidentiality, integrity and availability, supply chain risks, cryptography, endpoint and network security, cloud security, mobile security, API security, etc.
• Understanding of DevOps practices and tools used in cloud environments, such as continuous integration/continuous deployment (CI/CD) pipelines and containerization.
• Knowledge of risk management frameworks and methodologies to identify, assess and manage risks.
• Proven experience in risk management within the fintech sector is a plus.
• An advanced degree (e.g., MS with concentration in information systems) is a plus.
• Certificates in information security or IT risk management (CISSP, CEH, OSCP, CISA, CISM, CRISC, ISO27001 and/or other) is a plus.
• Proficiency in using risk management software, tools, and agile methodologies is highly preferred.
• An ability to navigate and thrive in a technology-driven environment, with a strategic mindset towards leveraging technology in risk management to transform our day-to-day.
• Fluent in English and Spanish, with exceptional communication skills to articulate complex risk scenarios and strategies effectively.

Benefits

• Nubank equity
• Health and life insurance
• Food card
• 17 days of paid vacation with 25% vacation bonus
• Holiday Bonus ("Aguinaldo") of 30 days of pay per year
• NuCare - Our mental health and wellness assistance program
• NuLanguage - Our language learning program
• Extended maternity and paternity leaves

Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/