Job Details
Consultant for IT Security Evaluation of Suppliers
Job Description
The consultant will be responsible for evaluating the IT security maturity of suppliers and coordinating remediation actions to enhance their security posture. This role involves in-depth analysis of security findings, collaboration and coordination with external partners, and driving proactive security measures to mitigate potential supplier risks effectively.
Main Task / Key responsibilities:
1. Collaborate and coordinate with external stakeholders to send self-assessment questionnaires to suppliers and to collect evidence of implemented IT security controls.
2. Manage supplier assessment plan.
3. Review supplier IT Security Assessment reports delivered by external stakeholders to ensure quality of risk evaluation.
4. Design risk mitigation action plans to improve security posture of suppliers.
5. Work closely with suppliers and internal teams to guide and oversee remediation efforts, ensuring compliance with security best practices and industry standards.
6. Facilitate communication and coordination between internal teams and suppliers to ensure timely resolution of identified security weaknesses.
7. Provide guidance and recommendations to suppliers on security measures and risk mitigation strategies based on assessment findings.
8. Document findings, remediation progress, and lessons learned for continuous improvement and knowledge sharing within the organization.
Job Requirements
9. Bachelor's degree in Computer Science, Information Security, or a related field.
10. Availability for an individual employment contract for a fixed term of 12 months with the possibility of extension.
Knowledge and Experience:
11. Demonstrated experience in information security, particularly in security risk assessments and vulnerability management.
12. Proficiency in assessing security vulnerabilities and their potential impact on systems and networks.
13. Strong understanding of industry-standard security frameworks (e.g., ISO 27001, NIST, CIS).
14. Excellent communication and interpersonal skills to collaborate effectively with internal and external stakeholders.
15. Experience in coordinating and driving remediation efforts to address identified security vulnerabilities.
16. Certifications such as Certified Information Systems Security Professional (CISSP) or Certified Information Security Manager (CISM) are a plus.
The preceding job description has been designed to indicate the general nature and level of work performed by employees within this classification. It is not designed to contain or be interpreted as a comprehensive inventory of all duties and responsibilities required of employees assigned to this job.
Diversity & Inclusion
Here at the Stefanini Group, we value plurality and equity, regardless of race, sexual orientation, disability, age, ancestry, religion, gender, and nationality. We understand and encourage the importance of being you!
About us
We are a Brazilian company with over 35 years of experience in delivering IT services worldwide, ranging from IT outsourcing to application development or IT staffing. We have a direct presence in 41 countries, through our 70 offices located throughout the world. We have managed to become the preferred partner of many small-to-midsize local and regional companies as well. Most of our clients come from industries such as financial services, manufacturing, telecommunications, chemical, services, technology, public sector and utilities.
Stefanini has career opportunities locally and around the world for professionals interested in a vibrant, passionate, team-oriented workplace. If you are a customer-centric person with a "get it done" attitude, come over for coffee and a talk on your future career with us!