We are tech transformation specialists, uniting human expertise with AI to create scalable tech solutions.

With over 6,500 CI&Ters around the world, we’ve built partnerships with more than 1,000 clients during our 30 years of history. Artificial Intelligence is our reality.

The GRC Security Analyst will play a key role in maintaining and enhancing our Governance, Risk, and Compliance program while ensuring adherence to industry standards and regulatory requirements in the medical device sector. This position requires a detail-oriented and proactive individual with a strong understanding of security governance/compliance practices.

Key Responsibilities:

Third-Party Risk Assessments:

– Lead and execute third-party risk assessments annually, ensuring alignment with internal risk standards and external compliance requirements.

Cybersecurity Controls Monitoring:

– Maintain and enhance the cybersecurity control framework by:

• Mapping existing controls

• Collecting evidence of execution

• Identifying gaps or nonconformities

• Aligning overlapping requirements under a unified structure

– Ensure adherence to frameworks such as HITRUST, HIPAA, Spain ENS certification.

Enterprise Risk Management:

– Continuously identify, log, and analyze:

• Control nonconformities

• Unresolved/high-risk vulnerabilities across different sources

– Maintain the Risk Registry.

– Deliver timely risk treatment updates and reports to stakeholders.

Policies and Procedures Development:

– Create and maintain cybersecurity-related policies and procedures.

– Ensure documentation complies with regulatory and contractual standards.

Audit Support:

– Serve as a key contributor in audit readiness efforts.

– Ensure all cybersecurity processes, controls, and documentation meet external auditors’ expectations.

– Support audit engagements by providing evidence and clarification as needed.

Required Skills and Qualifications:

– Conducting risk assessments, identifying potential vulnerabilities, and recommending mitigation strategies for medical device operations.

– Collaborating with cross-functional teams to ensure effective communication and implementation of GRC policies, procedures, and controls.

– Leading efforts to maintain and update GRC-related documentation, including risk assessments, policies, and procedures.

– Participating in internal and external audits, providing necessary support and documentation to demonstrate compliance.

– Strong understanding of GRC frameworks, industry standards, and regulatory requirements.

– Excellent analytical skills and attention to detail.

– Ability to work independently and within cross-functional teams.

– Excellent communication skills, with the ability to collaborate with both technical and non-technical stakeholders.

– Strong problem-solving skills, capable of making informed decisions under pressure.

– Fluent English skills.

– Proven track record working with U. S. -based companies.

– Bachelor’s degree in Computer Science, Information Security, or related field.

– Experience in GRC, compliance, or related roles.

– Experience in the medical device industry.

– Familiarity with compliance standards such as:

• FDA regulations

• HIPAA

• ISO

• NIST cybersecurity framework

– Relevant certifications (a plus, not required):

• CISSP

• CISA

• CRISC

• Or equivalent

#LI-AM2

#Midsenior

Our benefits:

-Health and dental insurance

-Meal and food allowance

-Childcare assistance

-Extended paternity leave

-Wellhub (Gympass)

-TotalPass

-Profit-sharing (PLR)

-Life insurance

-CI&T University

-Discount club

-Free online platform dedicated to physical, mental, and overall well-being

-Pregnancy and responsible parenting course

-Partnerships with online learning platforms

-Language learning platform

And many more!

More details about our benefits here: https://ciandt.com/br/pt-br/carreiras

Collaboration is our superpower, diversity unites us, and excellence is our standard.

We value diverse identities and life experiences, fostering a diverse, inclusive, and safe work environment. We encourage applications from diverse and underrepresented groups to our job positions.