IT Risk Senior Specialist
About Us
Nu is one of the largest digital financial platforms in the world, with more than 127 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.
Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.
Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/
About the team:
The IT Risk Team is part of the Risk Management Tribe at Nubank, responsible for identifying and managing technology and information security risks across information technology systems, including microservices and processes. IT Risk Management consists of helping the business identify threats and vulnerabilities to mitigate information technology risks that could materialize and negatively impact data confidentiality, integrity, and availability.
About the role:
As an IT Risk Senior Specialist (IC6), you will act as a senior individual contributor responsible for shaping and advancing Nubank’s technology and cybersecurity risk practices across complex environments, including distributed systems, microservices, and critical business processes.
This role goes beyond execution: you will operate as a strategic partner to engineering, security, and business stakeholders, driving medium-term risk strategies, influencing decision-making, and establishing standards that strengthen the organization’s resilience.
You will lead complex risk initiatives with high ambiguity, guide risk prioritization at scale, and translate technical and risk concepts into clear executive insights for forums and committees. In addition, you will mentor peers, elevate risk practices across teams, and contribute to the growth and maturity of the IT Risk function.
You'll be responsible for
- Lead end-to-end technology and cybersecurity risk assessments for complex initiatives, systems, or business domains, driving risk decisions aligned with organizational priorities and medium-term strategy.
- Drive cross-functional risk initiatives involving multiple teams and stakeholders, navigating ambiguity and influencing technical and business decisions through structured analysis and scenario evaluation.
- Define, evolve, and promote risk management standards, frameworks, and governance practices to ensure scalable and consistent application across technology environments.
- Prepare and present relevant technology and cybersecurity risk topics, assessments, and recommendations in executive forums and risk committees, enabling informed decision-making and organizational alignment.
- Design and mature risk monitoring capabilities, including key risk indicators (KRIs), metrics, and insights that improve proactive risk visibility and operational resilience.
- Provide technical leadership and mentorship within the IT Risk function, supporting peer development, hiring processes, and the continuous evolution of risk practices and methodologies.
We are looking for a person who has
- 8+ years of experience in technology and cybersecurity, with a strong focus on risk assessment, analysis, and mitigation within complex and large-scale environments.
- Deep knowledge of modern technology environments, including information security, identity and access management, cloud-native architectures (e.g., AWS and GCP), container and serverless security (e.g., EKS, GKE, Lambda), and distributed systems communication (e.g., Kafka or similar messaging platforms).
- Proven ability to translate complex technical topics into clear business and executive-level language, adapting communication to diverse audiences and decision-making contexts.
- Demonstrated experience operating in ambiguous environments, influencing cross-functional stakeholders, and supporting risk-based decision-making at senior levels.
- Advanced English communication skills (written and verbal).
- Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field. Master’s degree or relevant certifications (e.g., CISA, CISSP, CISM, CRISC, or equivalent) are considered a plus.
- Strong understanding of information security principles, risk management frameworks, and regulatory requirements (e.g., NIST, LGPD, ISO 27001).
Location for this opportunity (City, Country)
- São Paulo, Brazil
Our Benefits
- Chance of earning equity at Nubank
- Food/ Meal Card (Vale-Refeição and/or Vale Alimentação)
- Public Transportation Commuting Benefit (Vale-Transporte)
- NuCare – Psychological, Financial and Legal Assistance Program
- Life Insurance
- Medical Plan
- Dental Plan
- NuLanguage – Language Course Program
- Nucleo - Our learning platform of courses
- Extended Parental Leave
- Daycare Allowance
- Parental Consultancy
- Work-from-home Allowance
- Gym Partnerships
- 30 days of paid vacation
- Relocation Assistance Package, if applicable
Work Model for this Role
- Option 1: Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/
Explore how we build technology at Nubank:
🎥 youtube.com/@building.nubank ↗
🎧 Listen to our stories on Spotify ↗