Cybersecurity Manager

OKTO's continuous growth demands high-caliber candidates who embody professionalism, passion, and creativity. For those who join us, we offer significant career advancement, stimulating challenges, and a clear runway for growth.

OKTO is the next-generation Payment Service Provider — AI-native, precision-engineered, and relentlessly merchant-obsessed. Built for merchants operating in the most complex and demanding eCommerce sectors, our platform goes far beyond transaction processing. We solve for scale, compliance, and performance with one unshakable focus: delivering outcomes that power merchant growth.

From payments and banking to treasury and settlement, we engineer the financial infrastructure that gives our partners a competitive edge. The result? Faster onboarding, smarter operations, and resilient, real-time performance.

At OKTO, we enable merchants to Play Differently, transforming payments from routine transactions into true differentiators that deliver personalized, frictionless experiences.

Our AI-native innovation harnesses data and insight to power every decision, while our proprietary in-house engineering ensures precision and control. Combined with deep, trust-based relationships worldwide, we're redefining what it means to build, scale, and win in complex digital commerce.

Summary

The Cybersecurity Manager will be responsible for planning, implementing, and overseeing the company's information security controls, ensuring regulatory compliance (when applicable), data protection, and operational resilience. This role will serve as the main security point of contact, supporting leadership and technical teams in critical decisions while fostering a strong security culture across the organization.

Key Responsibilities

Governance & Compliance

• Develop and maintain security policies, processes, and procedures tailored to the company's size and needs.
• Ensure compliance with relevant regulations and standards (LGPD, basic ISO 27001 controls, PCI DSS when applicable).
• Provide periodic risk and security status reports to company leadership.

Infrastructure & Cloud Security

• Implement and manage security controls in cloud environments (AWS preferred, but Azure or GCP as applicable).
• Ensure access control, encryption, and secure configurations are consistently applied.
• Collaborate with IT/DevOps teams to embed security into infrastructure and application lifecycles.

Operations & Incident Response

• Monitor security alerts and coordinate response to incidents.
• Maintain an incident response plan, including escalation procedures.
• Conduct basic business continuity and disaster recovery testing.

Application & Development Security

• Support secure development practices (code reviews, vulnerability scans).
• Introduce lightweight DevSecOps practices suitable for the company's scale.
• Manage secrets, credentials, and sensitive data securely.

Risk, Awareness & Culture

• Assess vendor and third-party risks.
• Coordinate audits and security assessments when required.
• Lead employee awareness initiatives, such as phishing simulations and training sessions.

IT Assets & Support Management

• Manage the lifecycle of IT equipment (procurement, inventory, preventive maintenance).
• Implement patch management practices and security updates on endpoints.
• Monitor support performance indicators and propose continuous improvements to enhance the internal user experience.

Requirements

Education & Certifications

• Bachelor's degree in Computer Science, Information Security, Engineering, or related fields (or equivalent practical experience).
• Certifications such as CISSP, CISM, CISA, CompTIA Security+, ISO 27001 Implementer or Lead Auditor, or AWS Security Specialty are a plus.

Experience

• 5+ years of experience in cybersecurity or IT security-related roles.
• Hands-on experience with cloud platforms and security tools.
• Familiarity with compliance requirements (LGPD, PCI DSS, ISO
• Practical knowledge of incident response and vulnerability management.

Languages:

• Fluent English (mandatory – communication with global stakeholders)
• Portuguese (mandatory).
• Spanish (desirable).

Important Information

• Full-time position under a CLT (Brazilian employment law) contract
• Hybrid work model, based in São Paulo/SP – Brazi

Benefits

• Competitive compensation – aligned with your experience and the market.
• Meal allowance – provided through a prepaid card, with the flexibility to use part of the balance beyond food expenses.
• Health and dental plan – no monthly cost for you and your dependents, with comprehensive coverage to take care of your health and well-being.
• TotalPass – access to gyms and partner studios, encouraging a healthy and balanced lifestyle.

Please submit your CV in english.