Senior GRC Analyst
Business Operations
IT
São Paulo, SP
Remote
TRACTIAN is transforming the industrial world by empowering frontline maintenance workers to achieve more. We’ve fused cutting-edge hardware with innovative software into one powerful platform, disrupting legacy systems and delivering smarter, faster solutions for our clients.
Key Responsibilities:
Perform Business Impact Analysis (BIA), mapping processes and identifying RTO and RPO.
Conduct the identification, mapping, assessment, and management of both operational and strategic risks across the organization, ensuring compliance with all applicable regulations and internal policies.
Keep all BCP and Disaster Recovery documents up to date.
Develop, implement, and update company-wide compliance processes, procedures, and rules to ensure alignment with corporate goals, legal requirements, and industry standards.
Collaborate with other departments to create and modify operational processes and agreements and execute actions from action plans.
Conduct and document regular tests of recovery and continuity plans (disaster recovery exercises, backup and data recovery, etc.), and support incident response tests.
Implement privacy controls following the company’s governance guidelines and LGPD, GDPR, and CCPA regulations.
Support the continuous improvement of compliance with ISO 27001, 27002, 22301 and 22313 standards.
Monitor and assess the effectiveness of internal controls, and implement improvements based on audit and assessment reports.
Collaborate with multiple departments and headquarters to ensure effective implementation of compliance programs and provide guidance on risk-related matters to leadership.
Work with stakeholders to clarify questions about security maturity.
Background in IT, security, auditing, compliance and/or quality.
Experience with BCP-DR based on ISO 22301 and ISO 22313, including development of procedures, execution, and documentation of tests.
Experience with audits and assessments of ISO 27001 and SOC 2.
Hands-on experience in executing action plans and implementing controls.
Knowledge of risk management frameworks (ISO 27005, NIST, etc.).
Knowledge of privacy laws (LGPD, CCPA, GDPR, etc.).
Advanced English proficiency.
Certification related to ISO 27001 and/or privacy (e.g., EXIN or IAPP).
Experience in using Business Continuity Management (BCM) tools.
Experience with Vanta, SAT platforms, EDR, MDM, and IAM.
Other compliance/security certifications.
• Competitive salary and stock options
• Optional fully funded English / Spanish courses
• 30 days of paid annual leave
• Education and courses stipend
• Employee Giving
• Earn a trip anywhere in the world every 4 years
• Day off during the week of your birthday
• Up to R$1.000/mo for meals and remote work allowance
• Health plan with national coverage and without coparticipation
• Dental Insurance: we help you with dental treatment for a better quality of life.
• Gympass and Sports Incentive: R$300/mo extra if you practice activities
If you want to build a ship, don't organize people to collect wood, assign them tasks, and give orders. Instead, teach them to long for the vast and endless sea.
Antoine de Saint-Exupéry