[Job-26068] Information Security Manager, Brazil

Flow is the platform that integrates human and AI agents to boost productivity, quality, and security across the software development lifecycle.

The Information Security area ensures that all products and operations are built with best-in-class security, compliance, and privacy practices by design, supporting global clients in their digital transformation journeys.

Lead the security strategy, governance, and operations of the CI&T Flow platform, ensuring compliance with international standards such as ISO 27001, NIST, LGPD, and SOX, while strengthening trust with CI&T’s enterprise customers.

Act strategically alongside Product, Engineering, and Business teams, positioning security as a competitive advantage and an innovation enabler.

Lead the information security strategy and Security by Design approach for the CI&T Flow platform.

Define and evolve the security roadmap, prioritizing initiatives based on risk and business impact.

Drive ISO 27001 implementation, maintenance, and audits, as well as other regulatory requirements.

Partner with Product, Engineering, and Platform teams on architecture reviews, identifying risks and defining mitigation actions.

Establish and oversee AI security governance, ensuring ethical use, traceability, and data protection in LLM-based solutions.

Manage security vendors and services, including pentesting, SOC, compliance, and technical audits.

Define and monitor security KPIs and KRIs, reporting progress and maturity to executive leadership.

Lead incident response, vulnerability management, and continuous threat monitoring.

Enable secure innovation through DevSecOps practices, automation, and security controls.

Own security budget planning and prioritization.

Support Sales, Legal, and Customer Success in security risk assessments and client communications.

Represent the security function in executive and strategic forums, translating technical risks into business impact.

Bachelor’s degree in Computer Science, Engineering, Information Security, or related fields.

Desired certifications: CISSP, CISM, Security+, ISO 27001 Lead Implementer/Auditor, CCSK, AZ-500, or equivalent.

Strong experience in SaaS application security, cloud environments (Azure and AWS), and secure architecture.

Proven experience with ISO 27001 implementation, AI governance, and compliance with LGPD, GDPR, and SOX.

Experience engaging with enterprise clients, with excellent technical and executive-level communication skills.

Proven background in security budget management, contracts, and vendor management.

Advanced English for global communication and collaboration.

-Profit Sharing and Results Participation (PLR);

-Continuous learning platform (CI&T University);

More details about our benefits here: https://ciandt.com/br/pt-br/carreiras

At CI&T, inclusion starts at the first contact. If you are a person with a disability, it is important to present your assessment during the selection process. See which data needs to be included in the report by clicking here.This way, we can ensure the support and accommodations that you deserve. If you do not yet have the assessment, don't worry: we can support you in obtaining it.