Senior Security Governance and Risk Consultant

Tenchi is a Cyber Security company that is building innovative technology focused on Third-Party Cyber Risk Management for businesses. Founded by serial entrepreneurs and backed by a solid group of Institutional Investors, we seek to disrupt this rapidly growing industry. Our company is 100% remote and our team is spread across the globe, including Brazil, US, Canada, Argentina, and Spain. We strive to get the best professionals in the field so our team can build an amazing product focused on our client’s needs.

As a Senior Security Governance and Risk Consultant at Tenchi, you will lead our clients through the intricacies of establishing effective security governance practices and managing enterprise risk. This role involves crafting governance frameworks, performing risk assessments, and ensuring compliance with relevant security regulations. With your extensive experience in the cybersecurity field, you'll guide organizations in fortifying their security posture while aligning their security strategy with their business objectives.

Key Responsibilities:

• Lead the planning, execution, and delivery of security governance and risk management projects for clients across various industries;
• Conduct security maturity assessments based on established frameworks (e.g., NIST CSF, CIS Controls, ISO/IEC 27001), and identify gaps, risks, and areas for improvement;
• Design, implement, and maintain Information Security Management Systems (ISMS) in compliance with ISO 27001 or other relevant standards;
• Develop and manage Information Security Master Plans (PDSI), aligning security strategy with business objectives;
• Execute Third Party Cyber Risk Management (TPCRM) processes, including due diligence assessments, vendor risk scoring, and remediation planning;
• Lead or support cybersecurity audits and regulatory compliance reviews (e.g., LGPD, GDPR, SOX);
• Provide guidance and recommendations to clients on risk mitigation strategies, security policies, procedures, and controls;
• Collaborate with cross-functional teams (Legal, IT, Compliance, Procurement, etc.) to embed security governance into broader business processes;
• Conduct occasional on-site visits to clients or third parties as required by project needs;
• Deliver executive-level reporting and presentations on risk posture, findings, and strategic recommendations;
• Mentor junior consultants and support internal capability development within the GRC team;
• Stay up to date with emerging threats, regulatory changes, and industry trends to continuously enhance client value and service delivery.

• Bachelor’s or Master’s degree in Information Security, Computer Science, or a related field;
• 5+ years of experience in security governance, risk management, or compliance consulting;
• Deep understanding of security frameworks, regulations, and cybersecurity compliance requirements (e.g., NIST, CIS, ISO/IEC 27000);
• Proven track record of leading and delivering complex security projects with direct client interaction;
• Experience with risk assessment tools and methodologies is a plus;
• Strong analytical, organizational, and problem-solving skills;
• Excellent interpersonal and communication abilities, with the capability to convey complex topics in a clear and concise manner;
• Certifications such as CISSP, CISM, CRISC, or similar are strongly preferred;
• Comfortable working in remote environments while maintaining high engagement and collaboration with clients and teams.
• Fluency in Portuguese and English.

• We are confident that you will have the opportunity to work with bleeding-edge technologies in a nice environment where everyone strives to grow and learn.
• We invest in our people in many ways, including on-the-job training and exceptional development tools. We encourage scientific publications, conference,and workshop participation, in our fields of expertise.
• We offer an attractive compensation package with the opportunity to work from anywhere in the world.