Information Security Specialist

At SumUp our vision is to be a global leader in the FinTech industry and build a world where small businesses can be successful doing what they love. To get there, we are putting together a team that is passionate about what they do, committed to one another and to our merchants.

The Information Security Team is a key component in SumUp's Governance, Risk and Compliance (GRC) team. Our SumUp office in Brazil is hiring for an Information Security Specialist.

As a key member of the SumUp global information security team, you will contribute to the achievement of SumUp security objectives which are to.protect confidentiality, integrity and availability of SumUp information and client information assets. You will strengthen the Security Assurance section dedicated to information security governance and risk management. You can be sure of having agile working in a motivated, dynamic and international security team.

**Responsibilities - What you will do**:

- Contribute to the ongoing design, implementation, improvement and maintenance of the SumUp Information Security Management Program.
- Improve and maintain information security risk management systems
- Review information security controls, audit recommendations and risk mitigation plans and collaborate with other teams to implement the necessary actions.
- Participate in third-party risk management by conducting third party due diligence, supplier reviews and contract review.
- Collaborate with other stakeholders to promote information security best practices, provide expert advice and help to integrate security principles into their processes.
- Support the preparation of external audits or due diligences and respond to auditors, clients and partner requests.
- Monitor the existing laws, regulations and security standards to ensure adequacy with the security controls and processes in place.

**Experience required - You'll be great for this position if**:

- You have a Bachelor or Master Degree in information security or technical area or similar qualification
- You have 4+ years of professional experience in a similar position and have acquired knowledge in information security governance, information security risk management and data protection
- You have knowledge and experience of common information security standards (e.g, ISO 2700X, NIST), payment standard (e.g. PCI-DSS) and data privacy regulation (e.g. GDPR).
- Ideally you will have experience with third-party risk management and audit procedures as well.
- You hold professional certifications such as CISSP, CISM, ISO 27001 or similar.
- You enjoy working independently as much as working in a team and demonstrate good team spirit & cooperation skills.
- You have strong organizational and analytical skills.
- You have strong communication skills and are comfortable working with stakeholders across all levels.
- You work in an ethical manner and have a high sense of integrity and confidentiality.
- You speak and write fluent English.

**Why SumUp?**.
- Be a part of a truly global team: SumUppers come from over 50 different countries around the world (The GRC Team has nearly 80 members over 3 continents).
- You'll work in an amazing agile team environment that values passion and purpose to achieve incredible results.
- You'll have access to rewarding compensation and benefits.
- You'll have the freedom to drive your career, own projects, and make an impact across the company.
- You'll enjoy flexible hours - we don't micromanage. You have freedom to align with your team if you want to work remotely or take a few days off.
- SumUp is an Equal Employment Opportunity employer that proudly pursues and hires a diverse workforce. SumUp does not make hiring or employment decisions on the basis of race, colour, religion or religious belief, ethnic or national origin, nationality, sex, gender, gender identity, sexual orientation, disability, age or any other basis protected by applicable laws or prohibited by Company policy. SumUp also strives for a healthy and safe workplace and strictly prohibits harassment of any kind._

**Job Application Tip