Information Security Analyst

Company Overview

BotCity is building the future of automation with the Governance Platform for Python automations and AI Agents. We empower enterprises to innovate at scale, bringing governance, control, and observability to every automation project. Our philosophy is simple: automation is software, and software deserves the same high-code standards that drive innovation in AI and machine learning.

We recently raised a $12M Series A, led by Four Rivers with participation from Y Combinator, SoftBank, and top industry leaders such as Lew Cirne (New Relic), Rod Johnson (Spring Source), and Walter Kortschak (Summit Partners | Firestreak Ventures). With 1,000+ customers in 70+ countries, including Bayer and LG, and recognition by G as one of the world's top 25 emerging platforms, BotCity is scaling fast.

We're a global remote company with teams across the US and LATAM, united by a shared vision to redefine how enterprises build and manage automation. If you're looking for an environment that values impact, autonomy, and excellence, we'd love for you to join us on this journey.

Role Overview

The Information Security Analyst will lead BotCity's security compliance and governance efforts, ensuring adherence to international standards such as ISO 27001 and SOC 2. This professional will act as the main liaison for customer security inquiries, audits, and internal training efforts, collaborating closely with cross-functional teams to maintain a robust security posture. We are looking for a proactive and collaborative professional with solid experience in information security governance, fluency in English, and strong organizational skills to manage audits, questionnaires, and cross-team initiatives. This role will report directly to the VP of Engineering.

Responsibilities

• Complete and respond to customer security questionnaires, ensuring accurate and timely submissions.
• Ensure company-wide adherence to information security frameworks such as ISO 27001, SOC 2, and LGPD (Lei Geral de Proteção de Dados).
• Manage internal training sessions to ensure the entire team is aware, engaged, and compliant with information security policies.
• Serve as the primary point of contact for client security inquiries, providing detailed responses based on internal security protocols and participating in relevant meetings.
• Maintain and update security documentation, including security policies, processes, and audit logs.
• Collaborate with internal teams such as IT, Engineering, and Product to ensure security controls are
• implemented and maintained in alignment with regulatory requirements.
• Assist in internal and external security audits by gathering and organizing required documentation and evidence, and interfacing with consulting and auditing firms.
• Recommend and implement improvements to the organization's security posture based on customer feedback and audit outcomes, working closely with the Engineering team.

Requisitos:

Required Qualifications

• Degree in Information Security, Cybersecurity, Information Technology, or a related field.
• Experience (3+ years) with information security governance, focusing on security compliance, questionnaires, and audits.
• Strong knowledge of security frameworks such as ISO 27001 and SOC 2, as well as LGPD (Lei Geral de Proteção de Dados).
• Hands-on experience responding to security audits and completing customer security checklists.
• Familiarity with cloud provider technologies such as AWS, Azure, and GCP.
• Knowledge of computer networks and firewalls.
• Excellent written and verbal communication skills, with a keen attention to detail.
• Experience working with MS Office/Excel, Google Suite, Notion, Slack.
• Ability to travel as needed to support events and meet the team.
• Portuguese - Fluent.
• English - Fluent.

Preferred Qualifications

• Certifications related to Cybersecurity, Information Security or AWS Associate.
• Active membership in a recognized security association.
• Hands-on experience with security compliance management tools such as Vanta, Drata, or OneTrust.
• Experience working in Information Security roles within product-first companies.
• Prior experience in an early-stage, high-growth, and fast-paced startup environment or technology companies.