Grupo QuintoAndar | Senior Security Analyst - IAM Governance

About QuintoAndar:

QuintoAndar was born to do something very rewarding: open doors. We opened doors for technology to be part of living. And, through it, we simplify and reduce the bureaucracy of the experience of those looking for a new home. Thus, we became the most valuable proptech in Latin America, leading the real estate market in around six countries and more than 75 cities around the globe.

The first steps in the international market have been taken since we acquired Grupo Navent, which is ranked number 1 in Mexico (Inmuebles24), Argentina (Zonaprop), Peru (Adondevivir & Urbania) and Ecuador (Plusvalia) - among others. And most recently, we launched Benvi, our international brand in Mexico, which comes with our residential rental product and service.

We offer an end-to-end ecosystem to make life easier for those looking to rent or buy a home, sell a property and unlock a transaction. Think of zero paper or bureaucracy: everything happens on a single platform, with transparency and speed alongside incredible human support.

We are currently valued at over $5.1 billion (August 2021) and continue to grow 4x year over year, breaking records.

To make all this happen, we have more than 4,000 talented people, working with cutting-edge technology and best design practices to ensure a seamless experience throughout the sales and rental process, combined with smart financial products. Here you will work with the best professionals in the market, in an environment that breathes innovation, collaboration and high performance.

To learn more about our history, visit https://quintoandar.group/en/.

About Grupo QuintoAndar:

We are Grupo QuintoAndar, the largest real estate ecosystem in Latin America. Guided by a shared purpose of helping people love where they live, we have a diverse portfolio of brands and solutions that cover all stages of the journey of living. We develop technologies and innovations that transform and leverage the whole living experience.

About working at QuintoAndar:

• Possibility of learning;
• Opportunity to work in a team that seeks to use the best practices and tools in the market;
• Work in an informal environment with a horizontal structure;
• Being part of a team working on a high-impact project that affects the lives of thousands of people.

Location & Remote Work

Our technology team works on the "remote-first" model, which means we are working from home with the possibility of living anywhere in Brazil. We also have the option of using QuintoAndar's offices in São Paulo and Campinas or using partner coworking spaces, both up to twice a week.

Language

This job description is written in English because for that position you will need it for communications with coworkers and suppliers who are from worldwide, for tools and internal materials as well. // A descrição desta vaga está escrita em Inglês porque para esta posição é necessário para a comunicação com colegas e fornecedores, que são de diferentes países, além do uso de ferramentas e materiais internos.

Stages of the Selection Process

Our selection process currently lasts an average of 30-40 days, from application to completion of the assessment. Going through:

• Application & CV Screening
• Tech Screening
• Interviews with Engineering Team
• Interview with Recruiter
• Offer

About the Area and Responsibilities

We are looking for a Senior Governance Analyst to manage the strategy and implementation of identity and access management (IAM) policies at QuintoAndar. Your responsibilities will include defining security norms and procedures, auditing and ensuring access compliance, and guaranteeing that governance best practices are followed, protecting our data, and ensuring the integrity of our identity ecosystem.

Responsibilities:

• Develop, implement, and manage access controls and IAM governance standards following the NIST Cybersecurity Framework (NIST CSF) recommendations.
• Develop, review, and update IAM policies and procedures.
• Identify, evaluate, and mitigate IAM risks, ensuring compliance with regulations and best practices.
• Conduct regular access reviews to ensure appropriate permissions.
• Collaborate with internal and external teams to ensure compliance with security standards.
• Perform security audits and assessments to identify and mitigate IAM risks.
• Work with internal and external audits to ensure IAM process compliance.
• Monitor and respond to security incidents related to access.
• Establish metrics and KPIs to monitor the effectiveness of IAM policies and processes, preparing regular reports for senior leadership.
• Stay updated on best practices and trends in information security and IAM.
• Participate in the evolution of the access platform (SailPoint IdentityNow).
• Continuously update documentation and procedures.
• Promote awareness and training on IAM best practices.
• Identify opportunities for continuous improvement of IAM processes.

Requirements

• Interpersonal skills: oral and written communication, negotiation with internal clients, critical and analytical thinking, and time management.

• Knowledge of IAM governance principles, such as SoD and RBAC.
• Knowledge of security governance frameworks.
• Knowledge of compliance management, information security policies, project management, and quality management.
• Experience in monitoring and identifying KPIs.
• Practical problem-solving skills and a hands-on approach.
• Analytical vision and good communication with diverse audiences (technology, product, data, operations, corporate areas, etc.).
• Interest in learning and being part of high-impact, data-driven solutions that increase security maturity in the company.
• Fluency in Portuguese and advanced knowledge of English.
• Adaptability to constant work evolutions.

Scope of Influence:

• Peers, squad projects, stakeholders from various areas.

Level of Action:

• Develops and implements highly critical IAM policies.
• Identifies vulnerabilities and defines mitigation strategies.
• Guides and trains the team in IAM governance and security best practices.

We may like you even more if you:

• Have experience in the administration and implementation of Identity and Access Management solutions (e.g., Okta, SailPoint IdentityNow, CyberArk, Ping Identity).
• Have experience with agile methodologies and startup environments.
• Have formal certifications in identity management and/or information security.
• Have knowledge of security governance frameworks (NIST CSF, NIST 800-53, ISO 27001, CIS controls).
• Have experience or exposure to compliance and security audit areas.

Important:

• Our selection process starts with the application! If you are truly interested in joining our team, make sure to put in extra effort at this stage. We review all candidates individually and provide feedback even to those who do not proceed in the process;
• All communication is done via email, so be attentive to our messages and whitelist the @quintoandar.com.br domain to prevent our emails from going to spam.

Benefits

• Competitive salary package;
• Bonus
• Meal allowance ("Flash benefícios");
• Health plan;
• Dental plan (optional);
• Life insurance;
• Daycare subsidy;
• Subsidy to sports practicing (Gympass).
• Extended maternity and paternity leave;
• Reserved room for breast-feeding*;
• Discount on our parking lot;*
• Language learning support;
• Free transfer from Vila Madalena and Fradique Coutinho stations to the office*;
• Free bike rack in our parking lot.*

Diversity & Inclusion at QuintoAndar

At QuintoAndar, we believe diversity of perspectives and experiences guarantee a differentiated work environment, based on respect and valuing differences. Feel free to declare the information on the registration form. If you are not comfortable answering them, just choose the option "I prefer not to respond". This information helps us create an increasingly inclusive environment and it is used only for this purpose, it is confidential, and it will not impact your performance throughout the hiring process.

Privacy and Data Protection

In order to apply for one of our jobs roles, we will need to collect some of your personal data necessary for us to review your application and to contact you. We believe that the diversity of perspectives and experiences guarantees a differentiated work environment, based on respect and appreciation of differences. For this reason, we have several affirmative jobs, and information regarding your gender, ethnicity/race, and disability may be collected in the process.

All data processed is confidential and will be stored in a secure place for the time necessary to fulfill its purposes, with appropriate technical and administrative measures being adopted to protect your information.

If you have any questions, please contact us via the following page.