Senior GRC Consultant

About OpenHQ

Open Cybersecurity
is a fast-growing consultancy and the official
master distributor of Vanta
in Latin America - the world's leading trust management platform for compliance and security automation.

Our flagship product,
Vanta
, enables enterprises to simplify and accelerate compliance with frameworks such as
SOC 2, ISO 27001, PCI DSS, GDPR, LGPD
, and others. It also empowers organizations to
manage vendor risk
and
strengthen their security posture
with automation and AI.

We work closely with industries such as
banking, fintech, and insurance
, providing the expertise and technology needed to achieve compliance at scale and build customer trust.

We are expanding across
Brazil, Mexico, and the US
, and are looking for a
Senior Security Governance and Risk Consultant
to help drive our next stage of growth.

What will you do?

• Lead the planning, execution, and delivery of
  security governance and risk management projects
  for enterprise clients;
• Conduct
  maturity and risk assessments
  using frameworks such as
  NIST CSF, CIS Controls, ISO/IEC 27001, SOC 2, PCI DSS, LGPD, GDPR, CNBV IFPE
  ;
• Design, implement, and maintain
  Information Security Management Systems (ISMS)
  in compliance with ISO 27001 or equivalent standards;
• Partner with
  Vanta's Sales and Customer Success teams
  to represent the Trust Management Platform to prospects and customers;
• Engage with executives and senior staff at client organizations to build trust with Security and Compliance stakeholders;
• Use your expert knowledge of frameworks like
  SOC 2, ISO 27001, ISO 27701, GDPR, DORA, NIS2, TISAX
  to advise customers on
  scoping, policy creation, control requirements, and security best practices
  ;
• Provide
  executive-level reporting and presentations
  on risk posture, findings, and recommendations;
• Collaborate with
  cross-functional GTM teams
  (Sales, Marketing, Product, Delivery) to improve processes and ensure seamless customer experiences;
• Develop
  public-facing content
  (education, best practices, playbooks) to strengthen customer enablement;
• Identify
  customer requirements
  and collaborate with Vanta stakeholders to improve product features;
• Support
  cybersecurity audits and regulatory compliance reviews
  across LATAM;
• Mentor junior consultants and support the growth of Open's GRC practice;
• Stay up to date with
  emerging threats, regulations, and industry trends
  to enhance client value.

Requirements

What do you need to know?

• 5+ years of experience
  in security governance, risk management, or compliance consulting;
• Demonstrable expertise in at least one major framework (
  SOC 2 or ISO 27001
  ) - both strongly preferred;
• Strong knowledge of regulations and standards (
  ISO 27701, GDPR, DORA, NIS2, TISAX, PCI DSS, LGPD, CNBV IFPE, Bacen
  );
• Proven ability to
  interact directly with C-level executives and senior stakeholders
  ;
• Strong technical fluency with
  cloud infrastructure, version control systems, risk management, vulnerability management, and related security processes
  ;
• Familiarity with
  APIs and service integrations
  to connect security requirements with SaaS environments;
• Experience building
  productive relationships
  across technical and non-technical teams;
• Knowledge of the
  cybersecurity audit process
  and compliance management in SaaS environments;
• Excellent
  communication, presentation, and project management skills
  ;
• Security certifications (e.g.,
  CISSP, CISM, CISA, CRISC, CIPP/E, ISO 27001 Lead Implementer/Auditor
  ) strongly preferred;
• Comfortable working in
  remote/hybrid environments
  with high client engagement;
• Fluent in
  English
• mandatory;
• Portuguese
• required;
• Spanish fluency
  is a major advantage.

Benefits

• Opportunity to work with
  leading compliance and security automation platforms
  ;
• Direct access to some of the
  most regulated and innovative enterprises
  in LATAM/US;
• Exposure to
  enterprise clients across Latin America and the US
  ;
• Ongoing
  training, mentorship, and certifications
  ;
• Competitive compensation package with
  performance incentives
  ;
• Hybrid work model
  , with flexibility and autonomy.