Job Description
Korn Ferry has partnered with our client on their search for an IT Consultant - CyberSecurity.
Purpose of the Position
To strengthen the Information Security capability of a large corporate and investment banking institution at a critical moment of regulatory, infrastructure and systems transformation, ensuring that security is effectively embedded into the expansion and modernization of on-premise environments.
The bank is executing a complex set of initiatives driven by regulatory requirements related to corporate identification (CNPJ), which require significant adaptations across multiple systems, including large-scale legacy COBOL platforms and the duplication and expansion of development and UAT environments.
This position exists to act as a hands-on security reference within the Information Security team, providing the technical depth, execution capacity and security judgment required to navigate this transformation safely. While the overall program is infrastructure-led, its success depends on ensuring that security controls are consistently applied, validated and sustained throughout implementation and beyond.
The role bridges the gap between project execution and day-to-day security operations (BAU), ensuring that new servers, systems, integrations and access models are deployed in line with the bank’s security standards, regulatory expectations and risk appetite. This includes validating hardening standards, EDR and antivirus policies, secrets management, vulnerability scanning, IAM and access governance, as well as supporting secure development practices in coordination with development teams and existing security tooling (e.g., Veracode).
Beyond the implementation phase, this position is critical to ensuring continuity and stability once third-party vendors disengage. The individual will retain technical ownership and operational responsibility for the security posture of the new environments, becoming a trusted internal point of reference capable of responding quickly to incidents, vulnerabilities and emerging risks.
The Candidate
Main Challenges and Assignments
Act as the security focal point during a large-scale on-premise infrastructure duplication and modernization project, driven by Central Bank regulatory requirements.
Support the duplication and expansion of UAT and development environments, ensuring security controls are correctly implemented across servers, antivirus, EDR, password vaults, vulnerability scanners, IAM and access governance.
Operate in a highly complex legacy environment, including COBOL-based ecosystems deeply integrated with multiple critical systems.
Balance project-related security demands with Business As Usual (BAU) activities, including vulnerability management, incident response and tool optimization.
Review and validate large volumes of technical documentation produced by infrastructure, data, IAM and third-party vendors.
Ensure that security requirements are not overlooked during fast-paced infrastructure changes, despite not owning project timelines or acting as project manager.
Take over operational security support once third-party vendors disengage.
Manage security implications of increased scale, including server growth, expanded IPS / vulnerability scanning ranges, and increased IAM and SoD complexity.
Act decisively in situations of technical ambiguity, prioritizing rapid risk reduction over waiting for perfect information.
Handle urgent requests and stakeholder pressure while maintaining a firm, technically sound security stance.
Act as a technical executor, not only a strategist, capable of “getting hands dirty” while applying best practices in daily operations.
Navigate a multicultural environment, with frequent interactions and meetings in English with global teams.
Experience and Professional Qualifications
Proven background in information security project implementation, particularly in on-premise data centers and legacy system modernization.
Solid knowledge of vulnerability management (infrastructure and application layers) and DAST / SAST concepts (e.g., DAST, Veracode, vulnerability scanning interpretation).
Experience validating and enforcing hardening standards, antivirus / EDR policies, and password vaults and secrets management.
Understanding of secure development pipelines and DevSecOps concepts (hands-on DevSecOps experience is a strong plus, not mandatory).
Familiarity with IAM, access governance, SoD, and security impacts on databases, networks, operating systems and middleware.
Experience working alongside and technically guiding third-party vendors (IAM, Infrastructure, Data, Security).
Ability to execute hands-on security tasks when needed, while effectively leveraging vendors when available.
Comfortable operating in environments with COBOL / legacy platforms and large-scale, business-critical systems.
Experience in regulated financial environments or highly governed industries is highly desirable.
Advanced conversational English to absorb global directives and participate in international meetings.
Knowledge of banking processes, regulations and compliance requirements is a strong differential.
Bachelor’s degree or higher in Engineering, Computer Engineering, Technology or related fields.
Behavioral Skills
Technical Leadership & Influence – Demonstrates strong technical leadership without formal authority, influencing infrastructure, development and vendor teams across complex environments.
Proactive Execution & Speed – Acts decisively in the face of ambiguity and incomplete information, prioritizing rapid risk reduction and hands-on execution over excessive process.
Problem Solving & Resilience – Thrives in high-pressure environments, including incident response and firefighting, focusing on root-cause resolution rather than temporary fixes.
Ownership, Trust & Collaboration – Shows strong accountability and prioritization, becoming a trusted security advisor while collaborating effectively across security, infrastructure, development and data teams.
SE: 510773393