Information Security Analyst II

This position is listed on behalf of a partner company, who manages all applications and next steps. Our partner is looking for an Information Security Analyst II based in Brazil.

This role sits within a global Security Governance, Risk, and Compliance (GRC) environment, with a strong focus on maintaining and advancing HITRUST certification and related compliance frameworks. You will play a key role in ensuring that security controls, policies, and processes are effectively designed, implemented, and continuously improved in line with regulatory and audit requirements. Acting as both a compliance specialist and a practical enabler for the business, you will help translate complex security standards into scalable, operational controls. The position involves close collaboration with international teams across multiple time zones, supporting audits, evidence preparation, and ongoing risk management activities. You will contribute directly to strengthening the organization’s security posture and demonstrating compliance readiness to auditors, customers, and regulators. This is an ideal opportunity for someone who thrives in structured, regulated environments and enjoys working at the intersection of security, governance, and operational execution.

• Support the implementation, monitoring, and continuous improvement of HITRUST CSF security controls across the organization.
• Contribute to HITRUST r2 assessments, validated audits, and ongoing certification maintenance activities.
• Manage and organize audit evidence to ensure readiness for internal and external compliance reviews.
• Track remediation actions and support continuous compliance initiatives across security and risk domains.
• Stay current with HITRUST CSF updates, scoring methodology, and evolving control requirements.
• Collaborate with cross-functional teams to translate compliance requirements into practical security controls.
• Assist in maintaining alignment with related frameworks such as NIST, ISO, and HIPAA where applicable.
• Support internal stakeholders in understanding and applying security and compliance requirements effectively.

Requirements

• Bachelor’s degree in Information Systems, Information Security, Business (Audit focus), or related field, or equivalent experience.
• Relevant certifications such as CISA or CISM are highly desirable.
• Experience working with HITRUST CSF frameworks and the MyCSF tool.
• Strong understanding of information security principles and governance, risk, and compliance practices.
• Familiarity with control mapping frameworks such as NIST, ISO, HITRUST (v11.7/v11.8), and HIPAA.
• Experience supporting audits, evidence collection, and compliance documentation in regulated environments.
• Exposure to cloud security controls within compliance or audit scope is a plus.
• Strong analytical skills with high attention to detail when reviewing controls, evidence, and documentation.
• Ability to translate technical and regulatory requirements into clear, actionable guidance.
• Comfortable working in a global, remote, English-speaking environment across multiple time zones.
• Experience in regulated industries such as healthcare, fintech, or SaaS is an advantage.

Benefits

• Comprehensive health and dental coverage, including medical and wellness support.
• Meal and food allowance and childcare assistance.
• Access to wellness programs, gym benefits, and mental health support.
• Birthday day off and volunteer time-off (2 days per year).
• Language learning support and access to digital learning platforms.
• Discounted access to courses and professional development resources.
• Flexible remote work setup within Brazil.
• Inclusive, global working environment with strong focus on integrity, impact, and innovation.