IT and Information Security Coordinator

View full description

Requirements:

• Proven experience with Windows and Unix-like operating systems.
• Strong background in providing technical support to end users.
• Experience with access management processes, including provisioning and revoking access securely.
• Strong background with Google Workspace and Slack administration from a security perspective.
• Hands-on experience configuring and managing antivirus software, patch management systems, and MDM tools.
• Knowledge of cloud platforms, especially AWS, and how to secure workloads in these environments.
• Understanding of information security best practices and security frameworks, in particular CIS Critical Security Controls and privacy legislation like LGPD and GDPR.
• Proven experience with CI/CD pipelines, SAST/DAST tools, Git, and Infrastructure as Code (IaC).
• Knowledge of authentication protocols such as SAML, OpenID, and OAuth2, with hands-on experience configuring SSO integrations.
• Comfortable writing clear procedures, internal policies, and emails/documentation in English.
• Spoken Portuguese and English fluency is mandatory and will be used daily to interact with team members, partners and vendors in several countries.

Responsibilities:

• Provide technical support to internal users, identifying and resolving complex IT and security-related issues.
• Manage and configure IT assets and ensure secure and compliant environments.
• Oversee identity and access management, including user provisioning, de-provisioning, and enforcement of least privilege principles.
• Administer and configure endpoint protection tools, antivirus, patch management systems, and Mobile Device Management (MDM) solutions.
• Support the implementation and maintenance of internal IT and security procedures and documentation.
• Collaborate with the security and compliance teams in conducting risk assessments, internal audits, and implementing GRC controls aligned with privacy and other applicable legislation and the CIS Critical Security Controls framework
• Ensure best practices are followed in day-to-day operations regarding systems, access, and incident response.
• Keep up with industry trends and threats to advise on improvements and preventive measures.
• Educate employees on security policies, awareness, and safe practices.
• Administer AWS environments and apply best security practices, including provisioning access and permissions, implement security features, monitoring and investigating suspicious activities.
• Collaborate with the engineering team to improve the security of CI/CD pipelines, assist in remediating vulnerabilities, and perform security reviews of changes involving Infrastructure as Code (IaC).
• Assist clients in implementing and maintaining SSO integrations.
• Collaborate on strategic planning for the department in alignment with business needs, utilizing OKRs, roadmaps, business plans, and budget planning.