Senior Cyber & IT Risk

About Us Nu is one of the largest digital financial platforms in the world, with more than 127 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building. Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/ About the role Strategic and regulatory, centered on the design and strengthening of the Technology Risk framework, and on overseeing its implementation through the Technology Risk area and the business areas, ensuring comprehensive, forward-looking management aligned with regulation and the company’s strategy. Supports the oversight and development of the Technology Risk function, defining frameworks, metrics, and guidelines, and supervising the proper management of risks arising from systems, data, infrastructure, and technology third parties. Acts as the main point of contact with governing bodies and regulators on IT Risk matters, coordinates the response to major incidents and technology crises, and helps execute tests, assessments, and monitoring of the technology environment. You'll be responsible for Define, update, and oversee the Technology Risk framework, including policies, standards, methodologies, and assessment and reporting criteria. Establish, update, and monitor technology risk metrics (KRIs, RAS), consolidating the view of exposure and trends for governing bodies. Lead the preparation of regulatory reports and presentations to committees and governing bodies on Technology and Cybersecurity Risk. Prepare responses and coordinate attention to regulatory and audit requests related to Technology Risk, interacting directly with those authorities when appropriate. Oversee the management of high-materiality technology and cybersecurity incidents, including proper classification, root-cause analysis, and definition of corrective actions. Oversee the execution of institutional crisis protocols associated with technology and cybersecurity incidents, facilitating pre-crisis reports, internal communications, and coordination with key areas. Support the first line in defining and updating disaster recovery plans (DRP) and in their testing, playing a second-line review and challenge role on the adequacy of technology controls and recovery capabilities. Participate in the execution of the BIA, reviewing and challenging the technology dependencies identified by the first line, ensuring they adequately reflect criticality and exposure to Technology Risk. Collaborate with senior colleagues and technical areas to determine the root cause of material technology gaps and agree on remediation plans and control-strengthening actions. Provide guidance and challenge technology risk assessments for new products, features, and architectures, ensuring consistency and completeness. Design and maintain IT Third-Party Risk frameworks, aligned with institutional standards and regulatory requirements. Oversee the quality and consistency of IT and cybersecurity control testing, technology RCSAs, and incident monitoring. Act as a key advisor to the leadership of Risk, Engineering, Security, Data, and other areas, fostering a strong culture of Technology Risk management. Stay up to date on regulation, technology trends, emerging threats, and industry best practices, incorporating these learnings into the evolution of the Technology Risk framework. We are looking for a person who has Minimum of 5 years of experience in cybersecurity or IT Risk Management. Bachelors’ ... (truncated, view full listing at source)