
InfoSec GRC TPRM Specialist

CLT (Permanent) | On-site | Campinas-SP | Confidential company

* Salary: R$ 2.000 to R$ 5.000 per month (estimated)

* The amount shown is an estimate calculated from public data and market references. We do not guarantee that this is the salary offered for this specific position.

Area: Other

Level: Senior

Senior Analyst – Technology Third-Party Risk Management (TPRM)

Location: Campinas, BR

Role Overview
We are seeking a highly skilled Senior Analyst – Technology Third-Party Risk Management (TPRM) to support and strengthen our TPRM program. This role will work closely with the Information Security Governance, Risk & Compliance (GRC) team and cross-functional stakeholders to assess, monitor, and manage technology-related risks associated with third-party vendors.

Key Responsibilities
Perform comprehensive risk assessments of third-party vendors delivering technology products and services.
Review and analyze vendor responses to cybersecurity and risk questionnaires, including evaluation of supporting documentation and evidence.
Identify, document, and communicate control gaps and deficiencies, with a strong focus on risks impacting SOX (Sarbanes-Oxley) compliance.
Conduct technology risk analysis, develop mitigation strategies, and track remediation efforts through to closure.
Evaluate and report on residual risk levels, ensuring proper documentation and escalation of high-risk issues.
Support and execute technology due diligence activities for both new and existing vendors.
Collaborate with internal stakeholders (Procurement, Legal, Privacy, Architecture, and IT teams) to ensure vendor engagements meet internal policies, regulatory requirements, and industry best practices.
Contribute to the continuous improvement of the TPRM framework, processes, and controls.

Required Qualifications
Proven experience in Technology Third-Party Risk Management (TPRM) and vendor risk assessments.
Strong understanding of cybersecurity frameworks (e.g., NIST, ISO 27001) and regulatory expectations.
Solid knowledge of SOX IT General Controls (ITGCs) and their application to third-party service providers.
Hands-on experience in technology risk analysis, remediation planning, and residual risk management.
Experience conducting technology due diligence for vendors and service providers.
Excellent analytical, communication, and documentation skills.
Ability to manage multiple priorities and work independently in a fast-paced environment.