Senior Cyber & IT Risk

Nu is one of the largest digital financial platforms in the world, with more than 127 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.

Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/ 

Strategic and regulatory, centered on the design and strengthening of the Technology Risk framework, and on overseeing its implementation through the Technology Risk area and the business areas, ensuring comprehensive, forward-looking management aligned with regulation and the company’s strategy.
Supports the oversight and development of the Technology Risk function, defining frameworks, metrics, and guidelines, and supervising the proper management of risks arising from systems, data, infrastructure, and technology third parties. Acts as the main point of contact with governing bodies and regulators on IT Risk matters, coordinates the response to major incidents and technology crises, and helps execute tests, assessments, and monitoring of the technology environment.

• Define, update, and oversee the Technology Risk framework, including policies, standards, methodologies, and assessment and reporting criteria.
• Establish, update, and monitor technology risk metrics (KRIs, RAS), consolidating the view of exposure and trends for governing bodies.
• Lead the preparation of regulatory reports and presentations to committees and governing bodies on Technology and Cybersecurity Risk.
• Prepare responses and coordinate attention to regulatory and audit requests related to Technology Risk, interacting directly with those authorities when appropriate.
• Oversee the management of high-materiality technology and cybersecurity incidents, including proper classification, root-cause analysis, and definition of corrective actions.
• Oversee the execution of institutional crisis protocols associated with technology and cybersecurity incidents, facilitating pre-crisis reports, internal communications, and coordination with key areas.
• Support the first line in defining and updating disaster recovery plans (DRP) and in their testing, playing a second-line review and challenge role on the adequacy of technology controls and recovery capabilities.
• Participate in the execution of the BIA, reviewing and challenging the technology dependencies identified by the first line, ensuring they adequately reflect criticality and exposure to Technology Risk.
• Collaborate with senior colleagues and technical areas to determine the root cause of material technology gaps and agree on remediation plans and control-strengthening actions.
• Provide guidance and challenge technology risk assessments for new products, features, and architectures, ensuring consistency and completeness.
• Design and maintain IT Third-Party Risk frameworks, aligned with institutional standards and regulatory requirements.
• Oversee the quality and consistency of IT and cybersecurity control testing, technology RCSAs, and incident monitoring.
• Act as a key advisor to the leadership of Risk, Engineering, Security, Data, and other areas, fostering a strong culture of Technology Risk management.
• Stay up to date on regulation, technology trends, emerging threats, and industry best practices, incorporating these learnings into the evolution of the Technology Risk framework.

• Minimum of 5 years of experience in cybersecurity or IT Risk Management.
• Bachelors’ degree in Engineering, Computer Science, Information Technology, a Risk Management related field, or equivalent experience.
• In-depth knowledge of IT and cybersecurity risk management concepts, practices and methods.
• Understanding of cloud computing models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Familiarity with cloud providers like Amazon Web Services (AWS) and serverless technologies.
• Understanding of cybersecurity concepts such as confidentiality, integrity and availability, supply chain risks, cryptography, endpoint and network security, cloud security, mobile security, API security, etc.
• Understanding of DevOps practices and tools used in cloud environments, such as continuous integration/continuous deployment (CI/CD) pipelines and containerization.
• Knowledge of risk management frameworks and methodologies to identify, assess and manage risks.
• Proven experience in risk management within the fintech sector is a plus.
• An advanced degree (e.g., MS with concentration in information systems) is a plus.
• Certificates in information security or IT risk management (CISSP, CEH, OSCP, CISA, CISM, CRISC, ISO27001 and/or other) is a plus.
• Proficiency in using risk management software, tools, and agile methodologies is highly preferred.
• An ability to navigate and thrive in a technology-driven environment, with a strategic mindset towards leveraging technology in risk management to transform our day-to-day.
• Fluent in English and Spanish, with exceptional communication skills to articulate complex risk scenarios and strategies effectively.

Location for this opportunity (City, Country)

• Mexico City, Mexico

• Chance of earning equity at Nu
• Extended maternity and paternity leaves 
• Health and life insurance 
• Dental and Vision Insurance
• NuCare - Our mental health and wellness assistance program
• Nucleo - Our learning platform of courses
• NuLanguage - Our language learning program
• Holiday Bonus ("Aguinaldo") of 30 days of pay per year
• 17 days of paid vacation with 25% vacation bonus
• Gym partnership
• Food card
• Work-from-home Allowance
• Parental Consultancy
• Relocation Assistance Package, if applicable
•  

• Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/ 

Explore how we build technology at Nubank:

🔗 building.nubank.com.br ↗

🎥 youtube.com/@building.nubank ↗

🎧 Listen to our stories on Spotify ↗