IT Risk Senior Specialist

About Nu

Nu is the leading digital bank in Latin America, serving 135 million customers across Brazil, Mexico, and Colombia. The company has been leading an industry transformation by leveraging data and proprietary technology to develop innovative products and services.

Guided by its mission to fight complexity and empower people, Nu caters to customers’ complete financial journey, promoting financial access and advancement with responsible lending and transparency. The company is powered by an efficient and scalable business model that combines low cost to serve with growing returns.

Nu’s impact has been recognized in multiple awards, including Time 100 Most Influential Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Banks.
Visit our institutional page: https://www.nu.com/2026-en

About Us

Nu is one of the largest digital financial platforms in the world, with more than 127 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.

Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.

Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page: Careers at Nu - Join our team!

About the Role

This role is strategic and regulatory, centered on the design and strengthening of the Technology Risk framework, and on overseeing its implementation through the Technology Risk area and the business areas, ensuring comprehensive, forward-looking management aligned with regulation and the company’s strategy.

Supports the oversight and development of the Technology Risk function, defining frameworks, metrics, and guidelines, and supervising the proper management of risks arising from systems, data, infrastructure, and technology third parties. Acts as the main point of contact with governing bodies and regulators on IT Risk matters, coordinates the response to major incidents and technology crises, and helps execute tests, assessments, and monitoring of the technology environment.

Responsibilities

  • Define, update, and oversee the Technology Risk framework (policies, standards, methodologies) and maintain risk metrics (KRIs, RAS) for governing bodies.

  • Lead regulatory reports and committee presentations on Technology/Cybersecurity Risk, and coordinate responses to regulatory/audit requests.

  • Oversee classification and root-cause analysis of high-materiality tech/cyber incidents and lead execution of crisis protocols.

  • Review and challenge first-line DRP design/testing and BIA technology dependencies to ensure adequate resilience and risk exposure assessment.

  • Challenge technology risk assessments for new products/architectures and drive root-cause analysis and remediation of material gaps.

  • Design IT Third-Party Risk frameworks, oversee control testing quality, and act as key advisor to Risk, Engineering, Security, and Data leadership.

Qualifications

  • Bachelor's degree in Engineering, Computer Science, Information Technology, a Risk Management related field, or equivalent experience (Master's degree is a plus)

  • Minimum of 7 years of experience in cybersecurity or IT Risk Management (proven experience in the fintech sector is a plus)

  • In-depth knowledge of IT and cybersecurity risk management concepts, practices and methods.

  • Fluent in English and Spanish, with exceptional communication skills to articulate complex risk scenarios and strategies effectively.

  • Understanding of cloud computing models such as Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS). Familiarity with cloud providers like Amazon Web Services (AWS) and serverless technologies.

  • Understanding of cybersecurity concepts such as confidentiality, integrity and availability, supply chain risks, cryptography, endpoint and network security, cloud security, mobile security, API security, etc.

  • Understanding of DevOps practices and tools used in cloud environments, such as continuous integration/continuous deployment (CI/CD) pipelines and containerization.

  • Knowledge of risk management frameworks and methodologies to identify, assess and manage risks.

  • Certificates in information security or IT risk management (CISSP, CEH, OSCP, CISA, CISM, CRISC, ISO 27001 and/or other) are a plus.

Location & Work Model

  • Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration.

  • This position is based in Mexico City, Mexico

Benefits

  • Chance of earning equity at Nu

  • Extended maternity and paternity leaves

  • Health and life insurance

  • Dental and Vision Insurance

  • NuCare - Our mental health and wellness assistance program

  • Nucleo - Our learning platform of courses

  • NuLanguage - Our language learning program

  • Holiday Bonus ("Aguinaldo") of 30 days of pay per year

  • 17 days of paid vacation with 25% vacation bonus

  • Gym partnership

  • Food card

  • Work-from-home Allowance

  • Parental Consultancy

  • Relocation Assistance Package, if applicable
