Location : BAL - SEDE
City : São Paulo
State : São Paulo (BR-SP)
Country : Brasil (BR)
Requisition Number : 35252
Bunge has an exciting opportunity available for a "Gte. Gestão de Riscos de TI e Terceiros". In this role you will be part of a global team working on challenging, meaningful projects impacting core business activities. Since 1818, Bunge has been connecting farmers to consumers to deliver essential food, feed, and fuel to the world. Looking to the future, our ambition is to continuously reinvent ourselves, leveraging data to be at the forefront of analytics, technology, and talent to accomplish our purpose in a better, faster, and simpler way. Bunge is committed to operating and thriving in the digital world – creating world class agile teams where teammates are empowered and encouraged to collaborate and test and learn to succeed.
At Bunge, people don’t just come here to work, they come here to grow – solving challenges that directly impact the world with a diverse team of thinkers and doers. Bunge offers a strong compensation and benefits package, generous paid time off program, flexible work arrangements, and opportunity to progress. Our hybrid work environment provides a balance of in-office and remote work.
Most importantly, in all we do we live our values:
1. Act as One Team by fostering inclusion, collaboration, and respect.
2. Drive for Excellence by being agile, innovative, and efficient.
3. Do What's Right by acting safely, ethically, and sustainably.
Overview:
Under the direction of the Director of Business Technology (BT) Security and Risk Management, the Sr Mgr. Technology and Third-Party Risk Management is responsible for managing the planning, organization and execution of BT and Cybersecurity Risk Management program.
This role will establish, manage, and continuously improve Risk Management assessments, risk registration, prioritized risk remediation, third party and application evaluations, and will maintain the risk register in Bunge’s Governance, Risk and Compliance automation. This role will also develop and implement strategies to mitigate technology and third-party risks.
Essential Functions:
Main Accountabilities
o Accountable for the performance of the BT Technology and Third-Party Risk Management team, including adherence to budget and the delivery of team objectives and goals. Build and operationalize a team of eventually 3-5 direct reports.
o Serve as a liaison to coordinate BT risk management activities with BT and business stakeholders to ensure proper engagement, effective risk evaluation, root cause analysis, and the development of meaningful and sustainable risk remediation activities as needed.
o Define, monitor and drive prioritized risk remediation, leveraging industry applicable frameworks COBIT, NIST CSF (Cyber Security Framework)) to mitigate and manage technology risks ensuring alignment with Bunge's overall risk management framework.
o Oversee and conduct complex risk assessments and evaluations of technology systems and third-party vendors, identifying risks, vulnerabilities, and exceptions to established BT and Cybersecurity policy recommending appropriate risk treatment options.
o Mentor and manage the activities of other BT Technology and Third-Party Risk Management team members, including the effective utilization of process automation and reporting through Bunge’s Governance, Risk and Compliance (GRC) automation.
o Actively collaborate and support partner functions across Bunge’s Governance, Risk and Compliance functions, and with stakeholders throughout BT and Cybersecurity.
o Lead, and participate in, projects that include internal control, regulatory compliance, and related capabilities scope to ensure adherence to applicable policies, assurance of control performance, and the achievement of team and program goals.
Knowledge and Technical Competencies:
o Recognized as an expert in risk management methodologies (for example, Standard Information Gathering (SIG) assessments, NIST, SOC II), effective treatment of risks, and applicable remediation and mitigation techniques within the organization.
o Can apply both a measured reactive and a deliberate proactive approach to the landscape of BT and Cybersecurity risks, staying informed of emerging industry trends and techniques and changes in regulations to ensure continuous compliance and performance within risk appetite.
o Leverage industry experience and knowledge of applicable best practices COBIT, NIST CSF, ISO 27k) frameworks, and guidance to define effective programs, mitigate and manage risk, risk-prioritize requisite remediation, and to improve the overall posture of Bunge’s BT and Cybersecurity environment.
o Apply expertise to determine root cause, to advise leadership on appropriate remediation methods, and to mitigate or remediate risk to an acceptable residual level, across various functional areas of Business Technology and Cybersecurity, including longstanding or improvements without a historical precedent.
Minimum Requirements:
Education/Experience:
o Bachelor's degree in computer science or information systems, risk management, accounting, finance, or equivalent combination of education and work experience.
o 11 plus years of experience in Information Technology, Internal Audit, Internal Controls, Risk Management, or related discipline (or equivalent combination),
o 7 plus years of experience in managerial/leadership roles in similar areas of experience.
o Demonstrated experience in the design, implementation, monitoring and improvement of Information Technology, Cybersecurity and Third-Party risk assessment, mitigation and management techniques required.
o Knowledge of Sarbanes-Oxley (SOX), Payment Card Industry (PCI) compliance, GDPR (General Data Protection Regulation) compliance or other applicable compliance programs preferred.
o Solid understanding of Governance, Risk and Compliance methodologies and effective automation through GRC tooling. Experience with Archer GRC preferred.
o Proven experience implementing Information Technology and Cybersecurity frameworks required. Possible examples include, but are not limited to: COBIT, NIST CSF, ISO 27k.
o Certifications such as CRISC, CGEIT, CISSP preferred.
o Ability to manage and execute numerous parallel activities in a fast-paced, dynamic environment.
o Ability to build and maintain constructive working relationships with a diverse community throughout the organization.
o Ability to effectively communicate in both written and verbal manner to influence both technical and non-technical audiences at all levels of the company including executives.
o Excellent analytical and problem-solving skills
o Project management skills preferred
o Actively shapes our company culture supporting employee resource groups, mentoring employees, volunteering, joining cross-functional projects)
o Champions our cultural norms willing to have cameras when it matters, helping onboard new team members, building relationships, etc.)
o Demonstrates a company ownership mindset, thinking beyond boundaries of their own area.
Bunge (NYSE: BG) is a world leader in sourcing, processing and supplying oilseed and grain products and ingredients. Founded in 1818, Bunge’s expansive network feeds and fuels a growing world, creating sustainable products and opportunities for more than 70,000 farmers and the consumers they serve across the globe. The company is headquartered in St. Louis, Missouri and has 25,000 employees worldwide who stand behind more than 350 port terminals, oilseed processing plants, grain facilities, and food and ingredient production and packaging facilities around the world.
Bunge is an Equal Opportunity Employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, sexual orientation, gender identity, gender expression, transgender status, national origin, citizenship, age, disability or military or veteran status, or any other legally protected status. Bunge is an Equal Opportunity Employer. Minorities/Women/Veterans/Disabled