IT Risk Analyst

About Us

Nu is one of the largest digital financial platforms in the world, with more than 127 million customers across Brazil, Mexico, and Colombia. Guided by our mission to fight complexity and empower people, we are redefining financial services in Latin America and this is still just the beginning of the purple future we're building.

Listed on the New York Stock Exchange (NYSE: NU), we combine proprietary technology, data intelligence, and an efficient operating model to deliver financial products that are simple, accessible, and human.

Our impact has been recognized by global rankings such as Time 100 Companies, Fast Company’s Most Innovative Companies, and Forbes World’s Best Bank. Visit our institutional page https://international.nubank.com.br/careers/  

About the team:
The IT Risk Team is part of the Risk Management Tribe at Nubank, responsible for identifying and managing technology and information security risks across information technology systems, including microservices and processes. IT Risk Management consists of helping the business identify threats and vulnerabilities to mitigate information technology risks that could materialize and negatively impact data confidentiality, integrity, and availability.

About the role:
As an IT Risk Analyst, you will be part of Nubank’s Second Line of Defense, playing a critical role in identifying, assessing, and governing technology and cybersecurity risks across complex, cloud-based, and data-driven environments.

You will work closely with the Engineering, Security, Product, and Business teams to evaluate risks related to platforms, products, and processes, ensuring they are properly understood, documented, and addressed through established risk governance processes. The role involves conducting risk assessments and thematic reviews, monitoring key risk indicators, supporting governance forums, and responding to risk-related inquiries from stakeholders.

A key aspect of this position is contributing to the evolution of IT Risk through the use of automation, data analytics, and AI-enabled tools, improving efficiency, scalability, and risk visibility. You will help strengthen risk processes, metrics, and methodologies, translating technical risk topics into clear insights for both technical and executive audiences.

You'll be responsible for

• Conduct IT and cybersecurity risk assessments across multiple technology domains, with limited supervision, identifying vulnerabilities, threats, and potential impacts. Translate technical findings into clear risk insights that can be effectively communicated to stakeholders at various seniority levels.


• Assess and challenge technology and cybersecurity risks associated with products, features, and platforms, ensuring that risks are identified, documented, and managed in accordance with established risk frameworks and governance forums.


• Monitor, maintain, and analyze Key Risk Indicators (KRIs) and Key Performance Indicators (KPIs), ensuring alignment with defined thresholds and risk appetite. Prepare dashboards, reports, and updates for both technical and non-technical audiences.


• Respond to risk-related inquiries through designated Risk Channels (e.g., Ask Risk, NP&F), providing timely, structured, and high-quality risk guidance.


• Leverage automation and AI-enabled tools to improve efficiency, consistency, and scalability of risk activities, including risk identification, reporting, control assessment, and monitoring.


• Collaborate closely with cross-functional teams (Engineering, Security, Product, Compliance) to support risk discussions, workshops, and thematic reviews.
  
  

We are looking for a person who has

• Experience in risk management with a focus on Information Technology and/or Cybersecurity.


• Bachelor’s degree in Information Security, Computer Science, Engineering, or a related field.


• Solid understanding of technology environments, including information security fundamentals, identity and access management, cloud-native environments (e.g., AWS, GCP), and modern application architectures.


• Strong analytical and problem-solving skills, with the ability to translate technical topics into clear business and risk-oriented insights.


• Experience in automation and AI-driven tools (e.g., data analysis platforms, workflow automation, dashboards, or control testing automation) applied to risk, security, or operational contexts.


• Comfort working with data, metrics, and dashboards to support risk analysis and decision-making.


• Intermediate English proficiency (written and verbal), capable of participating in meetings and producing written risk materials.

Location for this opportunity (City, Country)

• São Paulo, Brazil 

Our Benefits

• Chance of earning equity at Nubank


• Food/ Meal Card (Vale-Refeição and/or Vale Alimentação)


• Public Transportation Commuting Benefit (Vale-Transporte)


• NuCare – Psychological, Financial and Legal Assistance Program


• Life Insurance


• Medical Plan


• Dental Plan


• NuLanguage – Language Course Program


• Nucleo - Our learning platform of courses


• Extended Parental Leave


• Daycare Allowance


• Parental Consultancy


• Work-from-home Allowance


• Gym Partnerships


• 30 days of paid vacation


• Relocation Assistance Package, if applicable

Work Model for this Role

• Option 1: Hybrid 2-3 times/week: Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit https://building.nubank.com/nu-hybrid-work-model/ 

Explore how we build technology at Nubank:

🔗 building.nubank.com.br ↗

🎥 youtube.com/@building.nubank ↗

🎧 Listen to our stories on Spotify ↗