Senior Cyber Security Specialist

Job Overview

We are seeking an accomplished Senior Cyber Security Specialist to lead our security operations, develop and implement a robust information security strategy, and ensure alignment with industry best practices and regulatory requirements.

• Develop and maintain an information security governance framework that encompasses policies, standards, and procedures, ensuring clarity, ownership, and compliance across the organization.
• Maintain and continuously improve the security policy lifecycle, guaranteeing effectiveness and efficiency in meeting business objectives and regulatory demands.
• Act as the custodian for all security governance artifacts, including security policies, exception registers, and control frameworks.
• Conduct comprehensive risk assessments to identify security and privacy risks, assess likelihood and impact, and design risk treatment plans that align with business risk tolerance.
• Maintain and enhance the corporate risk register, mapping threats to controls and tracking mitigation activities with control owners.
• Deliver threat and vulnerability analyses to inform continuous improvement of risk posture and security controls.
• Ensure ongoing compliance with applicable laws, regulations, and frameworks, providing evidence-based documentation for key controls.
• Manage and coordinate internal and external audits, including scoping, readiness preparation, control walkthroughs, remediation planning, and stakeholder communication.
• Maintain audit trails and compliance dashboards, enabling timely and transparent reporting to executives and regulators.
• Maintain the Incident Response Plan (IRP), ensuring alignment with legal obligations, business continuity plans, and best practices.
• Lead or support the incident management lifecycle, including detection, analysis, containment, eradication, recovery, and root cause analysis.
• Coordinate post-incident reviews, capturing lessons learned, assigning ownership of corrective actions, and updating relevant policies and controls.
• Establish incident playbooks, escalation paths, and communication protocols, including compliance-related notification procedures.
• Collaborate with technical teams to integrate incident detection tools into GRC oversight and tracking systems.
• Support security operations with governance-driven use cases, ensuring security tools produce audit-friendly logs, evidence, and compliance metrics.
• Monitor security dashboards and alerts, reporting meaningful insights and exceptions to the GRC committee and stakeholders.
• Evaluate vendors and third-party platforms to ensure they meet GRC criteria and supply appropriate audit documentation.
• Design and deliver targeted security awareness and compliance training programs for employees, contractors, and leadership teams.
• Act as a liaison between Legal, Compliance, IT, and other business units to embed security governance across the organization.
• Communicate GRC posture, control effectiveness, and security metrics to senior leadership and executive stakeholders in a clear, actionable format.

• Proven experience with information security tools and platforms relevant to risk management, compliance monitoring, and governance.
• Demonstrated ability to design and implement information security strategies with a strong emphasis on governance, regulatory compliance, and enterprise risk management.
• Strong understanding of information security frameworks and standards such as ISO/IEC 27001, NIST CSF, LGPD, and GDPR.
• Ability to lead cross-functional initiatives, influence control owners, and drive alignment between security goals and business requirements.
• Exceptional analytical, problem-solving, and documentation skills, particularly in audit preparation and risk evaluation.
• Excellent written and verbal communication skills, with the ability to translate complex security concepts into business-friendly language for executives and stakeholders.

We strive to create an inclusive environment where everyone feels valued and empowered.

KTO Group is licensed for Brazilian sports betting and online gaming under Portaria 2.093/2024, ensuring a secure and regulated environment for our operations.