About OpenHQ

Open Cybersecurity is a fast-growing consultancy and the official master distributor of Vanta in Latin America - the world's leading trust management platform for compliance and security automation.

Our flagship product, Vanta, enables enterprises to simplify and accelerate compliance with frameworks such as SOC 2, ISO 27001, PCI DSS, GDPR, LGPD, and others.
It also empowers organizations to manage vendor risk and strengthen their security posture with automation and AI.

We work closely with industries such as banking, fintech, and insurance, providing the expertise and technology needed to achieve compliance at scale and build customer trust.

We are expanding across Brazil, Mexico, and the US, and are looking for a Senior Security Governance and Risk Consultant to help drive our next stage of growth.

What will you do?

- Lead the planning, execution, and delivery of security governance and risk management projects for enterprise clients;
- Conduct maturity and risk assessments using frameworks such as NIST CSF, CIS Controls, ISO/IEC 27001, SOC 2, PCI DSS, LGPD, GDPR, CNBV IFPE;
- Design, implement, and maintain Information Security Management Systems (ISMS) in compliance with ISO 27001 or equivalent standards;
- Partner with Vanta's Sales and Customer Success teams to represent the Trust Management Platform to prospects and customers;
- Engage with executives and senior staff at client organizations to build trust with Security and Compliance stakeholders;
- Use your expert knowledge of frameworks like SOC 2, ISO 27001, ISO 27701, GDPR, DORA, NIS2, TISAX to advise customers on scoping, policy creation, control requirements, and security best practices;
- Provide executive-level reporting and presentations on risk posture, findings, and recommendations;
- Collaborate with cross-functional GTM teams (Sales, Marketing, Product, Delivery) to improve processes and ensure seamless customer experiences;
- Develop public-facing content (education, best practices, playbooks) to strengthen customer enablement;
- Identify customer requirements and collaborate with Vanta stakeholders to improve product features;
- Support cybersecurity audits and regulatory compliance reviews across LATAM;
- Mentor junior consultants and support the growth of Open's GRC practice;
- Stay up to date with emerging threats, regulations, and industry trends to enhance client value.

Requirements

What do you need to know?

- 5+ years of experience in security governance, risk management, or compliance consulting;
- Demonstrable expertise in at least one major framework (SOC 2 or ISO 27001) - both strongly preferred;
- Strong knowledge of regulations and standards (ISO 27701, GDPR, DORA, NIS2, TISAX, PCI DSS, LGPD, CNBV IFPE, Bacen);
- Proven ability to interact directly with C-level executives and senior stakeholders;
- Strong technical fluency with cloud infrastructure, version control systems, risk management, vulnerability management, and related security processes;
- Familiarity with APIs and service integrations to connect security requirements with SaaS environments;
- Experience building productive relationships across technical and non-technical teams;
- Knowledge of the cybersecurity audit process and compliance management in SaaS environments;
- Excellent communication, presentation, and project management skills;
- Security certifications (e.g., CISSP, CISM, CISA, CRISC, CIPP/E, ISO 27001 Lead Implementer/Auditor) strongly preferred;
- Comfortable working in remote/hybrid environments with high client engagement;
- Fluent in English: mandatory;
- Portuguese: required;
- Spanish fluency is a major advantage.

Benefits

- Opportunity to work with leading compliance and security automation platforms;
- Direct access to some of the most regulated and innovative enterprises in LATAM/US;
- Exposure to enterprise clients across Latin America and the US;
- Ongoing training, mentorship, and certifications;
- Competitive compensation package with performance incentives;
- Hybrid work model, with flexibility and autonomy.

Consultant • São Paulo, Brasil