Supply chain security/Information security

The Information Security team member at Stefanini Group will join the Supply Chain Security team and be responsible for contributing to the development, implementation, and compliance of technical security measures across the enterprise. This role involves conducting security assessments of third-party tools and products, as well as serving as a key liaison between Information Security and business teams and management. Key Responsibilities include: - Conducting focused risk assessments of service providers and new technologies - Providing governance and oversight of SaaS and IaaS products - Influencing the direction of securing infrastructure, applications, and third-party service providers - Communicating risk assessment findings to stakeholders and influencing risk mitigation strategies - Offering consultative advice to information security customers for informed risk management decisions - Assessing new and existing Internet of Things (IoT) Deployments - Identifying and implementing controls to manage information risks effectively - Developing solutions to improve risk posture and mitigate risks - Maintaining strong relationships with individuals involved in managing information risks - Supporting the documentation of Information Security Policies and Standards - Conducting security assessments of third-party software packages - Performing vulnerability impact analysis of newly identified vulnerabilities of critical service providers Candidates will be evaluated based on their skills and competencies, including: - Strong documentation and process-oriented background - Ability to influence others and collaborate effectively - Effective communication of complex technical issues - Strong decision-making capabilities - Ability to react in high-pressure dynamic environments - Excellent prioritization skills - Innovative thinking to produce new ideas - Interpersonal skills to work well in a global environment Required Experience: - Degree in Business, Computer Engineering, Computer Science, Information Security, or related field - Working knowledge of data analysis techniques and tools such as Excel, Python, and basic SQL - Experience with agile project management - Knowledge of Azure security, AWS security, web security, including API and token security - 5+ years of Information Security experience - 3+ years with risk advisory and senior management communication - 3+ years of experience in documenting, project management, and written analysis for Information Security risk assessments - 3+ years of experience in Enterprise Risk Management and assessing controls within Technology and/or Financial Services firms - Familiarity with information security management frameworks (e.g., IS027001, COBIT, NIST 800) - Relevant certifications like CISSP, CISM, CISA, and AWS, GCP, or Azure security certifications are a plus *Listed salary ranges may vary based on experience, qualifications, and local market. Also, some positions may include bonuses or other incentives*,