Lead Security Engineer (GRC)

About us Nubank was founded in 2013 with the mission of fighting complexity to empower people in their daily lives by reinventing financial services. Today, we are one of the largest digital banking platforms in the world, serving millions of customers across Brazil, Mexico, and Colombia. For more information, visit our careers page: https://international.nubank.com.br/careers/ About the team The Governance, Risk and Compliance (GRC) team enables Nubank to remain compliant with legal, regulatory, and internal requirements, while continuously identifying, classifying, and monitoring risks and providing strategic insights and performance evaluation to leadership. The GRC squad collaborates with multidisciplinary teams to align our technology security strategy with Nubank’s overall business objectives, ensuring that identified risks are mitigated and that risk-based decision-making is enabled within and beyond the IT Security Business Unit. About the role You will be responsible for acting as a technical reference in security, certifications, and internal controls, serving as a bridge between engineering, risk, audit, and business stakeholders. You will define strategies, support risk-based decision-making, and ensure that security and compliance requirements are effectively embedded into processes, systems, and products. Key responsibilities Act as a senior technical and governance reference across security, certifications, risk, and internal controls, influencing strategy. Identify control gaps and improvement opportunities in technical procedures required for certification and recertification processes (e.g., ISO 27001, PCI-DSS). Develop and maintain strong partnerships with business and technical leaders to orchestrate audits, assessments, and remediation plans in a risk-based and scalable way. Collaborate with technical teams to define action plans that ensure adherence to regulatory requirements and internal policies. Conduct assessments of internal controls, ensuring adherence to internal policies, legal requirements, and industry standards. Identify gaps and improvement opportunities in the internal controls landscape and lead control reviews, ensuring timely resolution of issues. Work closely with Risk teams to align on the mitigation of identified risks. Support responses to audit requests, regulatory inquiries, and due diligence from business partners. Partner with Engineering, Product, IT, and global teams to integrate compliance and security requirements into processes and systems. Define and monitor KRIs and KPIs, delivering forward-looking, data-driven insights to senior management and Committees. Drive continuous improvement and scale, simplifying processes and strengthening Nubank’s Security Maturity as the company grows globally. Qualification Requirements Solid experience in information security, with strong knowledge of frameworks such as PCI-DSS, ISO 27000 family, NIST, and similar. Prior experience with security certification processes and/or internal controls, compliance, and audit support. Excellent executive communication skills, capable of translating complex topics into clear, actionable insights for senior leadership and committees. Experience operating in regulated and global environments, including interaction with auditors and regulators. Bachelor’s degree in Engineering, Technology, Security Information, Risk Management or related fields. Familiarity with using AI and automation (e.g., machine learning, generative AI, or LLM-based tooling) to enhance security compliance use cases. Knowledge of the regulatory landscape relevant to financial services, such as SOx, BACEN, CVM, CNBV, ANBIMA, SEC, and related regulations. Hands-on experience with cloud environments (e.g., AWS, GCP) and implementing security controls in these contexts. Advanced English (written and verbal) required. Nice to have Requirements Relevant certifications such as CRISC, CISA, Security+, CISSP, or ... (truncated, view full listing at source)