IT Risk Senior Specialist

Nu is one of the largest digital financial platforms in the world, with more than 127 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.

Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.

Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page Careers at Nu - Join our team!

Strategic and regulatory, centered on the design and strengthening of the Technology Risk framework, and on overseeing its implementation through the Technology Risk area and the business areas, ensuring comprehensive, forward-looking management aligned with regulation and the company’s strategy.

Supports the oversight and development of the Technology Risk function, defining frameworks, metrics, and guidelines, and supervising the proper management of risks arising from systems, data, infrastructure, and technology third parties. Acts as the main point of contact with governing bodies and regulators on IT Risk matters, coordinates the response to major incidents and technology crises, and helps execute tests, assessments, and monitoring of the technology environment.

• →Define, update, and oversee the Technology Risk framework (policies, standards, methodologies) and maintain risk metrics (KRIs, RAS) for governing bodies.
• →Lead regulatory reports and committee presentations on Technology/Cybersecurity Risk, and coordinate responses to regulatory/audit requests.
• →Oversee classification and root-cause analysis of high-materiality tech/cyber incidents and lead execution of crisis protocols.
• →Review and challenge first-line DRP design/testing and BIA technology dependencies to ensure adequate resilience and risk exposure assessment.
• →Challenge technology risk assessments for new products/architectures and drive root-cause analysis and remediation of material gaps.
• →Design IT Third-Party Risk frameworks, oversee control testing quality, and act as key advisor to Risk, Engineering, Security, and Data leadership.

• Bachelors’ degree in Engineering, Computer Science, Information Technology, a Risk Management related field, or equivalent experience (Master's degree is a plus)
• Minimum of 7 years of experience in cybersecurity or IT Risk Management ( Proven experience in fintech sector is a plus)
• In-depth knowledge of IT and cybersecurity risk management concepts, practices and methods.
• Fluent in English and Spanish, with exceptional communication skills to articulate complex risk scenarios and strategies effectively.
• Understanding of cloud computing models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Familiarity with cloud providers like Amazon Web Services (AWS) and serverless technologies.
• Understanding of cybersecurity concepts such as confidentiality, integrity and availability, supply chain risks, cryptography, endpoint and network security, cloud security, mobile security, API security, etc.
• Understanding of DevOps practices and tools used in cloud environments, such as continuous integration/continuous deployment (CI/CD) pipelines and containerization.
• Knowledge of risk management frameworks and methodologies to identify, assess and manage risks.
• Certificates in information security or IT risk management (CISSP, CEH, OSCP, CISA, CISM, CRISC, ISO27001 and/or other) is a plus.

• Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration.
• This position is based in Mexico City, Mexico