iFood, 05.03.26
AI SCORE 8.5

Staff Software Engineer - IT Risk & Security (Remote)

$90K–$120K/year

About the Role

Join iFood as a Staff Software Engineer - IT Risk & Security (Remote) and transform your career! We are a leading technology company in Latin America, connecting thousands of restaurants to millions of consumers daily, with an average of 100 million orders per month. Beyond food delivery, we also operate in the marketplace, pharmacy, and pet sectors. Our fintech, iFood Pago, offers a range of financial services including benefits and payment solutions for restaurants. Be part of a team that is always at the forefront of technology and innovation.

What You'll Do

  • Lead processes for identifying, analyzing, evaluating, and treating IT and information security risks.
  • Develop and maintain risk management methodologies aligned with ISO 27005, ISO 31000, and NIST Cybersecurity Framework.
  • Create and update risk matrices, impact analyses, and treatment plans.
  • Conduct risk analyses for projects, processes, suppliers, and new technologies.
  • Monitor risk indicators (KRIs) and report to the executive committee.
  • Plan, conduct, and document internal audits in compliance with ISO 27001, LGPD, PCI DSS, and other frameworks.
  • Act as the focal point for external audits, certifications, and third-party assessments.
  • Prepare audit plans, checklists, non-compliance reports, and action plans.
  • Oversee remediation of identified gaps from audits.
  • Conduct audits of critical suppliers and third-party security assessments.
  • Ensure compliance with regulations such as LGPD, GDPR, PCI DSS, SOX, and more.
  • Develop, review, and update information security policies, standards, and procedures.
  • Implement security controls based on frameworks like ISO 27002, CIS Controls, and COBIT, tailored to the organization.
  • Generate executive reports on risks, compliance, and audits for the board and management.
  • Develop dashboards and indicators (KPIs/KRIs) to present risk status, incidents, and compliance in strategic committees.

Requirements

  • Bachelor's degree in Information Technology, Information Security, Engineering, Administration, Law, or related fields.
  • A minimum of 4 years of experience in risk management, compliance, or IT auditing.
  • Proven experience in conducting internal audits and supporting external audits.
  • Familiarity with risk management methodologies (ISO 27005, ISO 31000, NIST RMF).
  • Experience with ISO 27001 certification processes.
  • Advanced English proficiency (reading standards and communication with international auditors).

Nice to Have

  • Postgraduate/MBA in Risk Management, GRC, Information Security, Auditing, or related fields.
  • Certifications (ISO 27001 Lead Auditor or Lead Implementer PECB, CRISC, CISA, CISSP).
  • Previous experience in fast-growing companies and dynamic environments.
  • Experience with additional frameworks: PCI DSS, CIS Controls, NIST 800-53.
  • Knowledge in Secure Development (OWASP SAMM, OWASP ASVS, OWASP Top 10).
  • Experience with AI and risk management automation and data analysis (Python, Power BI, Looker Studio, SQL, etc.).

What We Offer

  • Competitive salary and benefits package.
  • Remote work flexibility.
  • Opportunities for professional growth and development.
  • Innovative and collaborative work environment.
  • Access to cutting-edge technology and tools.

Language Requirements

English: C1

Why This Job: 8.5 of 10

This role offers a unique opportunity to work with a leading FinTech company, focusing on IT risk and security. Enjoy remote work and a competitive salary.

Who Will Succeed Here

Proficient in implementing risk management frameworks such as ISO 27001 and NIST Cybersecurity Framework, with hands-on experience in conducting compliance audits and assessments.

Demonstrates strong analytical skills and attention to detail, particularly in using Python for data analysis and Power BI for visualizing risk metrics, ensuring clear communication of security posture to stakeholders.

Possesses a proactive mindset towards continuous improvement and learning, adapting to the evolving landscape of cybersecurity threats while working effectively in a remote setting.

Learning Resources

ISO 27001:2013 - Information Security Management System (ISMS) guide

Career Path

  • Staff Software Engineer - IT Risk & Security (Now)
  • Lead Security Engineer (1-2 years)
  • Director of IT Risk & Security (3-5 years)

Market Overview

  • Market Size 2024: $16.4B
  • Annual Growth: 11.2%
  • AI Adoption: 45%
  • Investment in Cybersecurity: +30%
  • Labour Demand for Risk Management Professionals: +25%
  • Avg Salary for Staff Software Engineer in Risk Management: $125K

Skills & Requirements

  • Required: Risk Management, ISO 27001, NIST Cybersecurity Framework
  • Growing in Demand: Cloud Security, DevSecOps, Threat Intelligence
  • Declining: Traditional Firewall Management, Static Code Analysis Tools

Domain Trends

Increased Regulatory Compliance
With 70% of companies facing increased scrutiny from regulators, the demand for compliance expertise in IT risk management is surging.
Integration of AI in Risk Management
45% of organizations are investing in AI-driven risk assessment tools, transforming traditional risk management practices.
Shift to Remote Risk Assessments
As remote work continues, 60% of businesses have adopted remote risk assessment methodologies, driving the need for professionals skilled in digital risk frameworks.

All job postings are automatically gathered by algorithms. We do not review or verify listings; be careful when applying, and do not sign in with iCloud or Google services.