Senior Information Security Analyst

Há 6 dias


Porto Alegre, Rio Grande do Sul, Brasil Kto Group Tempo inteiro

Welcome to KTO Group, where innovation drives excitement in iGaming. Founded in 2018 by Andreas Bardun, we're transforming online gaming with a focus on transparency and player satisfaction.

At KTO.com , we blend the thrill of sports betting with online casino entertainment, tailored to local markets and powered by our proprietary platform for a seamless, personalized experience.

KTO is a rising leader in LATAM, proudly ranked among Brazil's top 10 iGaming brands. Join us as we set new standards in trust, innovation, and the future of iGaming.

SUMMARY OF THE POSITION

We are looking for an experienced and highly skilled Senior Information Security Analyst to join our IT & Security team. In this role, you will be responsible for leading efforts to protect our organization's information systems from security threats and vulnerabilities. You will work closely with cross-functional teams to develop, implement, and monitor security measures that align with industry best practices and regulatory requirements. Your expertise will be crucial in safeguarding our digital assets and ensuring the integrity, confidentiality, and availability of our data.


MAIN RESPONSIBILITIES
  • Develop, implement, and maintain a comprehensive information security governance framework, including policies, standards, and procedures that align with business objectives and regulatory requirements (e.g., LGPD, GDPR, ISO/IEC 27001).
  • Maintain and continuously improve the security policy lifecycle, ensuring clarity, ownership, and compliance across the organization.
  • Act as the document custodian for all security governance artifacts (e.g., security policies, exception registers, control frameworks).
  • Lead enterprise-wide risk assessments to identify security and privacy risks, determine likelihood and impact, and design risk treatment plans that align with business risk tolerance.
  • Maintain and enhance the corporate risk register, mapping threats to controls and tracking mitigation activities with control owners.
  • Deliver threat and vulnerability analyses that feed into continuous improvement of risk posture and security controls.
  • Ensure ongoing compliance with applicable laws, regulations, and frameworks (e.g., LGPD, GDPR, ISO 27001), providing evidence-based documentation for all key controls.
  • Manage and coordinate internal and external audits, including scoping, readiness preparation, control walkthroughs, remediation planning, and stakeholder communication.
  • Maintain audit trails and compliance dashboards, enabling timely and transparent reporting to executives and regulators.
  • Maintain the organization's Incident Response Plan (IRP), ensuring alignment with legal obligations, business continuity plans, and best practices (e.g., NIST 800-61).
  • Lead or support the incident management lifecycle, including detection, analysis, containment, eradication, recovery, and root cause analysis.
  • Coordinate post-incident reviews (PIRs), capturing lessons learned, assigning ownership of corrective actions, and updating relevant policies and controls.
  • Establish incident playbooks, escalation paths, and communication protocols, including compliance-related notification procedures (e.g., data breach disclosures under LGPD).
  • Work with technical teams to ensure incident detection tools (SIEM, endpoint monitoring, CASB) are properly integrated into GRC oversight and tracking systems.
  • Support security operations with governance-driven use cases, ensuring security tools (e.g., SASE, SIEM, CASB) produce audit-friendly logs, evidence, and compliance metrics.
  • Monitor security dashboards and alerts, reporting meaningful insights and exceptions to the GRC committee and stakeholders.
  • Help evaluate vendors and third-party platforms to ensure they meet GRC criteria and supply appropriate audit documentation.
  • Design and deliver targeted security awareness and compliance training programs for employees, contractors, and leadership teams.
  • Act as a key liaison between Legal, Compliance, IT, and other business units to embed security governance across the organization.
  • Communicate GRC posture, control effectiveness, and security metrics to senior leadership and executive stakeholders in a clear, actionable format.
  • Stay abreast of regulatory changes, security threats, and GRC best practices, and recommend strategic improvements to enhance the organization's resilience.
  • Identify and lead projects for automation and efficiency in compliance monitoring, policy enforcement, and audit readiness.
EXPERIENCE & QUALIFICATIONS REQUIRED
  • Proven experience with information security tools and platforms relevant to risk management, compliance monitoring, and governance (e.g., SIEM, GRC suites, vulnerability management tools, CASB, SASE).
  • Demonstrated ability to design and implement information security strategies with a strong emphasis on governance, regulatory compliance, and enterprise risk management.
  • Strong understanding of information security frameworks and standards such as ISO/IEC 27001, NIST CSF, LGPD, and GDPR.
  • Ability to lead cross-functional initiatives, influence control owners, and drive alignment between security goals and business requirements.
  • Exceptional analytical, problem-solving, and documentation skills with a high level of attention to detail — particularly in audit preparation and risk evaluation.
  • Excellent written and verbal communication skills, with the ability to translate complex security concepts into business-friendly language for executives and stakeholders

At KTO, diversity isn't just a buzzword – it's our strength. We're all about creating an inclusive environment where everyone feels valued and empowered. Together, we're not just working on projects – we're making a real impact in our communities. Join us in celebrating diversity and driving meaningful change

KTO is licensed for Brazilian sports betting and online gaming under Portaria 2.093/2024, ensuring a secure and regulated environment for our operations.

Participation is prohibited for:

Individuals under 18 (eighteen) years of age;

Public agents with duties directly related to the regulation, control, and supervision of the activity within the federative entity in whose personnel framework they perform their duties;

- Persons who have or may have any influence on the outcome of a real event with a sports theme subject to fixed-odds lottery betting, including:

- Persons holding positions as sports directors, sports coaches, trainers, and members of the technical staff;

- Referees of sports, referee assistants, or equivalents, sports entrepreneurs, agents or representatives of athletes and coaches, coaches or members of the technical staff;

- Members of the administrative or supervisory body of entities responsible for organizing competitions or sporting events;

- Athletes participating in competitions organized by entities within the National Sports System;

Individuals diagnosed with gambling addiction, according to a diagnosis from a qualified mental health professional.

#J-18808-Ljbffr
  • Security Expert

    2 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil beBeeInformation Tempo inteiro R$1.200.000 - R$1.800.000

    Senior Information Security ProfessionalThis position requires a seasoned security expert to protect our organization's information systems from security threats and vulnerabilities. The ideal candidate will develop, implement, and maintain a comprehensive information security governance framework, including policies, standards, and procedures that align...

  • Senior Security Expert

    2 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil beBeeCompliance Tempo inteiro R$60.000 - R$75.000

    We are seeking a seasoned security professional to join our team as a Senior Vulnerability and Compliance Engineer. In this role, you will play a pivotal part in safeguarding the security and compliance of our enterprise-scale systems.Key Responsibilities:You will work closely with the Cybersecurity team to identify and address all security vulnerability...

  • Senior Data Analyst

    Há 6 dias


    Porto Alegre, Rio Grande do Sul, Brasil NTConsult Tempo inteiro

    Join to apply for the Senior Data Analyst role at NTConsult Join to apply for the Senior Data Analyst role at NTConsult The company : We are a global custom software development and IT project staffing organization without geographic restrictions; we operate globally, navigating technology and business challenges with expertise. Our U.S. headquarters are...

  • Information Security Analyst

    3 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil Topaz Brasil Tempo inteiro

    **_Na Topaz, a tecnologia nos une e a evolução nos conecta- **Em nossa organização, estamos totalmente comprometidos em contribuir para soluções financeiras que tornem a indústria um lugar seguro, acessível e dinâmico. Queremos alcançar diferentes partes do mundo com nosso amplo ecossistema de soluções tecnológicas. Por isso, convidamos você a...

  • Senior Credit Analyst

    2 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil ACCA Careers Tempo inteiro

    Join to apply for the Senior Credit Analyst role at ACCA Careers3 days ago Be among the first 25 applicantsJoin to apply for the Senior Credit Analyst role at ACCA CareersGet AI-powered advice on this job and more exclusive features.Our organisationAt DLL, we are many things. We are team members, family members and community members. We are members of...


  • Porto Alegre, Rio Grande do Sul, Brasil ACCA Careers Tempo inteiro

    Join to apply for the Senior Credit Analyst role at ACCA Careers 3 days ago Be among the first 25 applicants Join to apply for the Senior Credit Analyst role at ACCA Careers Get AI-powered advice on this job and more exclusive features. Our organisationAt DLL, we are many things. We are team members, family members and community members. We are members...

  • Senior Cybersecurity Analyst

    4 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil azion Tempo inteiro

    **About Azion**At Azion you will have the opportunity to develop and be connected to cutting-edge technology, immersed in a culture centered on innovation and a high-performance team, unlocking new possibilities and working with the future of technology.**About the position**We are seeking a Senior Cybersecurity Analyst to drive our infrastructure and server...

  • Senior Credit Analyst

    2 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil DLL Tempo inteiro

    Join to apply for the Senior Credit Analyst role at DLLJoin to apply for the Senior Credit Analyst role at DLLGet AI-powered advice on this job and more exclusive features.Our organisationAt DLL, we are many things. We are team members, family members and community members. We are members of society, members of different cultures and nationalities. Members...


  • Porto Alegre, Rio Grande do Sul, Brasil DLL Tempo inteiro

    Join to apply for the Senior Credit Analyst role at DLL Join to apply for the Senior Credit Analyst role at DLL Get AI-powered advice on this job and more exclusive features. Our organisationAt DLL, we are many things. We are team members, family members and community members. We are members of society, members of different cultures and nationalities....

  • Senior Data Analyst

    2 semanas atrás


    Porto Alegre, Rio Grande do Sul, Brasil NTConsult Tempo inteiro

    Join to apply for the Senior Data Analyst role at NTConsultJoin to apply for the Senior Data Analyst role at NTConsultThe company: We are a global custom software development and IT project staffing organization without geographic restrictions; we operate globally, navigating technology and business challenges with expertise. Our U.S. headquarters are in San...