Senior Manager, Security GRC in São Paulo, São Paulo at AspenView Technology Partners, Inc.

Build the Future with AspenView Technology Partners

At AspenView, we are passionate about transforming the way organizations approach technology. We specialize in creating high-performing, nearshore IT teams to help North American clients innovate faster and more efficiently. As we continue to grow, we’re looking for exceptional people to join our team and help drive impactful change across industries.

Why Join AspenView?

At AspenView, we’re more than a nearshore IT partner—we’re a people-first, purpose-driven company that believes great culture drives great outcomes. We’re passionate about connecting talent and technology to deliver measurable value for clients—and meaningful career paths for our people.

Here’s what you can expect:

• Competitive base
• Comprehensive benefits and wellness support
• Flexible work model: hybrid, remote, or in-office
• Real growth opportunities and leadership visibility
• Inclusive, respectful culture that blends U.S. innovation with Colombian heart
• A company that listens, invests in you, and celebrates wins together

The Senior Manager, Security GRC drives the enterprise security governance framework, shaping risk posture, compliance strategy, and policy architecture across global operations. Serving as the primary cyber risk advisor to the CISO and executive leadership, you will translate regulatory requirements and board-level risk appetite into actionable, enterprise-wide programs.

Strategy & Governance Management

• Own the enterprise GRC strategy and program roadmap aligned to business objectives and risk appetite.
• Establish and enforce security policies, standards, and the exceptions management process.
• Build and develop a high-performing GRC team while partnering with Legal, Internal Audit, and business unit leaders.

Risk Reporting & Compliance

• Govern regulatory compliance across NIST CSF, ISO 27001, SOX, GDPR, and CMMC, while managing audit relationships.
• Lead cyber risk reporting to the CISO, Board, and executive stakeholders, and define risk quantification methods.

Supply Chain & Resilience

• Lead Cyber-Supply Chain Risk Management and third-party security assessment programs.
• Oversee Business Continuity Planning integration with cybersecurity resilience and drive the Training & Awareness strategy.

• Frameworks: Mastery of NIST CSF, NIST RMF, ISO 27001, and ISO 31000.
• Regulations: Expertise in SOX ITGC, GDPR, CMMC, and cross-jurisdictional regulatory compliance.
• Methodologies: Advanced understanding of third-party risk, supply chain security, and business continuity methodologies.

• Experience: 12+ years in cybersecurity with 5+ years leading enterprise GRC programs in complex, global organizations.
• Certification: CISSP or CISM is required; CRISC or CGEIT is highly preferred.
• Executive Advisory: Exceptional skills with a proven ability to translate complex cyber risk into board-level narratives.
• Leadership: Demonstrated ability to build and lead high-performing teams in a transformation or build-out context.

Equal Opportunity Employer:

AspenView is proud to be an equal opportunity employer. We believe in creating an environment where all employees feel welcome, valued, and empowered to succeed. We celebrate diversity and strive to build a culture of inclusion where all individuals, regardless of their race, color, gender, gender identity or expression, sexual orientation, disability, age, or any other characteristic, can thrive. We encourage applicants from all walks of life to join our team and make a lasting impact.

Visa Sponsorship Disclaimer USA
AspenView does not provide visa sponsorship for this role. Candidates must already be legally authorized to work in their country of residence.