Information Security Manager

EdgeUno is seeking an experienced and proactiveInformation Security Managerto lead the company's global cybersecurity and information security risk management initiatives.
This role will partner closely with IT, Engineering, Operations, and Executive teams to own and mature EdgeUno's end-to-endInformation Security Program, ensuring confidentiality, integrity, and availability across our systems, data, and infrastructure.The ideal candidate brings a strategic mindset, deep technical understanding, and hands-on experience with standards such asISO 27001:2022, as well as frameworks includingNIST CSF,CIS Controls, MITRE ATT&CK, NIST RMF, FAIR, OCTAVE, COBIT, andITIL.
This person will lead key areas such as threat intelligence, data loss prevention (DLP), privacy, identity and access management (IAM), security operations (SOC), incident response, business continuity, and security awareness.Location & Language RequirementsNative Portuguese speaker (verbal and written).
Fluent EnglishMust be based in Latin AmericaPreferred time zones: GMT-5, GMT-4, or GMT-6.Willingness to relocate to our Uberlândia office is highly desired but not mandatory.Core ResponsibilitiesInformation Security Program & LeadershipDesign, execute, and continuously improve EdgeUno's globalInformation Security Programaligned with ISO 27001:2022 and industry best practices.Serve as theInformation Security Officer (ISO)responsible for maintaining ourISO 27001:2022 certification, leading audits, gap analyses, and surveillance processes.Define security policies, controls, and guidelines to mitigate risk and ensure corporate policies and regulatory compliance across geographies.Lead and mentor the Information Security Team providingsupport for internal users across all departments and locations.Conduce performance review cycles, provide feedback, and help teams develop skills to make sure we have the right person on the right seat.Governance, Risk & ComplianceOwn and operate theInformation Security Risk Management Frameworkincluding regular risk assessments, control validation, vendor security reviews, and mitigation planning.Lead and maintain Business Continuity Plans (BCP), Disaster Recovery Plans (DRP), and Contingency Planning procedures.Collaborate with Legal, Operations, and external consultants to ensure alignment with data privacy laws (e.g., LGPD, GDPR, and LATAM regulations).
Security Operations & Technical OversightManageSecurity Operations Center (SOC)functions either in-house or with third-party providers, ensuring effective threat detection and incident response.OverseeThreat Intelligence, vulnerability management, and offensive security practices including regular penetration testing and red/blue team exercises.Support implementation ofIAM/PAMpolicies and tools for access governance and least-privilege enforcement across systems.Data Protection & PrivacyDefine and enforceData Loss Prevention (DLP)strategies to monitor and protect sensitive data across databases, endpoints, cloud, and SaaS platforms.Drive data classification and privacy-by-design principles across systems and development workflows.Training & AwarenessDevelop and run a company-wideSecurity Awareness Program, ensuring employees understand their roles in cybersecurity and compliance.Conduct phishing simulations, internal campaigns, and role-based training to drive security culture across the organization.Collaboration & LeadershipPartner with stakeholders to ensure alignment between support, device, and security policies.Serve as the primary point of contact for all security incidents, regulatory inquiries, and audit responses.Regularly report program status, information security risks, and KPIs to executive leadership.RequirementsBachelor's degree in Information Security, Computer Science, Engineering, or a related field.Master's and relevant certifications (CISSP, CISM, CRISC) strongly preferred.10+ years of experiencein cybersecurity, risk management, or information security roles, including5+ years in a team leadership capacity.Deep experience with ISO 27001 implementation, certification, and maintenance.Knowledge of security and other frameworks such asNIST CSF,CIS Controls, MITRE ATT&CK, NIST RMF, FAIR, OCTAVE, COBIT, andITIL.Experience with SOC operations, threat intelligence platforms, SIEMs, SOAR, XDR, EDR, and incident response workflows.Familiarity with IAM/PAM systems, vulnerability scanning, DLP tools, and privacy compliance (GDPR/LGPD, etc.).
Strong understanding of business continuity planning, disaster recovery design, and cloud/hybrid environments.Comfortable operating in a hybrid, globally distributed organization.Previous experience in telecom, hosting, datacenter, or infrastructure service providers is a plusNice to HaveExperience with telecom or infrastructure service providers.Technical background in networks, systems administration, or secure software development.Familiarity with security automation platforms.Previous exposure to managing third-party risk or working with managed security service providers (MSSPs).
What We OfferAt EdgeUno, we offer a competitive compensation package, training and development opportunities, and a collaborative environment where you'll be part of a technical team committed to operational excellence.
We work with purposeto deliver the infrastructure that powers cloud, gaming, streaming, and enterprise expansion in Latin America.
Come build the backbone of the internet with us.Note: Please submit your resume in English.
Resumes in other languages may not be considered
#J-18808-Ljbffr