Staff Security Engineer (CISO) - CO - 2026
Colombia, Bogota·Posted today
cryptoweb3blockchainfintechcybersecurityinfrastructure
<h2><strong>About Nubank</strong></h2> <p>Nubank was founded in 2013 to free people from a bureaucratic, slow and inefficient financial system. Since then, through innovative technology and outstanding customer service, the company has been redefining people's relationship with money across Latin America. With operations in Brazil, Mexico and Colombia, Nubank is today the largest digital banking platform in the world and one of the leading technology companies in the world, reinventing over 60 million customers' financial lives.</p> <p>Nubank achieved this by offering a no-fee credit card, entirely managed by a mobile app, and a digital account, free of taxes. Nubank also offers transparent and hassle-free personal loans, a business account tailored for SMBs, and life insurance. In 2020, Nubank acquired digital broker <strong>Easynvest, now called Nu invest</strong>, and became the leader in self-directed digital investments in Brazil. </p> <p>Throughout the years, Nubank raised around US$2 billion with some of the best-known growth and technology investors in the world, such as Berkshire Hathaway, Sequoia, DST, Tencent, Tiger, Kaszek, Founders Fund, Dragoneer, TCV, Redpoint, Ribbit, GIC, Whale Rock, Invesco, QED, and Capital Group.</p> <p>Today, Nubank is a global company, with offices in São Paulo (Brazil), Mexico City (Mexico), Buenos Aires (Argentina), Bogotá (Colombia), Durham (United States) and Berlin (Germany). Nubank was founded in São Paulo by Colombian <strong>David Vélez</strong>, and co founded by Brazilian <strong>Cristina Junqueira</strong> and American <strong>Edward Wible</strong>. For more information, visit www.nubank.com.br.</p> <h2><strong>Our challenge:</strong></h2> <p>Technology is not a sector of our business: it's intrinsic to every area at Nubank. We encourage everyone to challenge the status quo. There's no "innovation team" - we hire innovative people for all our positions and encourage them to constantly question decisions to keep finding better ways to do something. Our business is experiencing hyper growth in several dimensions: number of customers, products, international markets and employees., and our engineering team must match that demand.</p> <p>As we grow, we need to:</p> <ul> <li>Relentlessly pursue, indicate and contribute to eradicate threats across complex environments. </li> <li>Report and help solving incidents at scale</li> <li>Work in regulated environments aligning with all the requirements</li> <li>Communicate clearly with external and internal stakeholders such as regulators, managers, etc.., </li> <li>Build solutions that enable faster and more effective incident response. </li> </ul> <h2><strong>You’ll be responsible for:</strong></h2> <ul> <li>Create strong relationships with diverse teams, by coordinating communication between different audiences, teams and stakeholders in english and spanish.</li> <li>Assess security gaps within the organization, in different technologies and business contexts, enabling risk treatment and designing technical action plans as necessary</li> <li>Support compliance with regulatory requirements related to cybersecurity providing visibility and technical guidance on strategies for compliance and possible trade-offs based on risk</li> <li>Working across different technical teams supporting and leading the solution of incidents, issues, regulatory requirements, understanding root cause and improving our security posture by implementing controls and defenses. </li> <li>Develop and implement policies and procedures related to information security, physical security, fraud prevention, and cyber risk management</li> <li>Collaborate with cross-functional teams to understand the business requirements, and translate them into technical specifications and vice-versa</li> <li>Define guidelines and best practices on business security matters that empower Nubankers to perform their work efficiently and securely</li> <li>Support other security engineers, motivating and creating continuous learning in a collaborative environment.</li> </ul> <h2><strong>We are looking for a person who has:</strong></h2> <ul> <li>+ 8 years of experience in Information & Business Security, Privacy, Risk Management and IT Governance disciplines</li> <li>An ability to thrive in engineering environments, interacting with technical teams and being able to jump into technical conversations at least with a theoretical knowledge.</li> <li>Practical knowledge of cloud infrastructure (private or public), microservices and distributed environments.</li> <li>Solid hands-on experience implementing Technical Controls based upon industry best practices, but also challenging the status quo of current security frameworks.</li> <li>Experience working in regulated institutions and environments, interacting with external and internal stakeholders.</li> <li>Knowledge in ISO, PCI, NIST, Mitre ATT&CK and/or CSF frameworks.</li> <li>Experience with Colombian regulation in special the one related to information security requirements for financial institutions </li> <li>Proven strong experience in assessing, designing and implementing security controls</li> <li>Strong inclination towards data-driven decision-making</li> <li>Familiarity with different domains and concepts of cyber and business security, including cybersecurity frameworks and industry standards</li> <li>Excellent communication and problem-solving skills are important to effectively assess and communicate risks to internal stakeholders</li> <li>Strong level of technical understanding, being able to take part in security discussions with Engineers and translate complex, technical projects and concepts for non-engineers and Business Executives</li> <li>Proficiency in English and Spanish.</li> </ul> <h3><strong>Preferred Qualifications</strong></h3> <ul> <li>IT/Security operational background in regulated organizations</li> <li>Infosec Engineering with technical hands on experience</li> <li>Experience collaborating in global projects, with distributed Information security teams.</li> <li>Experience or exposure to SFC audits and controls</li> <li>Experience leading certifications for ISO or PCI for a regulated institution in Colombia</li> <li>Interest in working with regulators at a technical and business level.</li> <li>Natural interest in security operations, coordinating actions with several stakeholders and teams like incident response, defensive security, etc.. in large projects</li> <li>Experience with tools for ticketing, whiteboarding, collaboration dashboarding, and google docs or similar tools for building documentation.</li> </ul> <h3><strong><br></strong><strong>You will fit well if you:</strong></h3> <ul> <li>You thrive in dynamic, fast-paced, results-oriented and diverse teams</li> <li>You are hungry and enjoy being constantly challenged to learn and do more</li> <li>You embrace conflict of ideas and like to question the status quo</li> <li>You learn fast and easily adapt to changing situations and priorities</li> <li>You believe in building great products and doing your best work</li> <li>You are enthusiastic for finding root causes, build things from scratch and deliver solutions</li> <li>You want to understand the big picture, to be held accountable and make a meaningful contribution with your work</li> </ul> <h2><strong>Location</strong></h2> <p>Bogotá, Colombia.</p> <h2><strong>Our Benefits</strong></h2> <p>Our benefits are designed to support your wellbeing, development, and life outside of work. For Colombia, they include:</p> <ul> <li>Chance of earning equity at Nu</li> <li>Extended maternity and paternity leaves</li> <li>Health and life insurance</li> <li>NuCare – our mental health and wellness assistance program</li> <li>Nucleo – our learning platform of courses</li> <li>NuLanguage – our language learning program</li> <li>Vacations of 15 workdays</li> <li>Gym partnership</li> <li>Work-from-home Allowance</li> <li>Parental Consultancy</li> <li>Relocation Assistance Package, if applicable</li> </ul> <p>Even if you feel you don't meet every qualification, we encourage you to apply — your unique skills and experiences may be just what we're looking for, and we're excited to learn more about what you can bring to our team.</p> <h2><strong><br></strong><strong>Work Model for this Role</strong></h2> <p><strong>Hybrid 2–3 times/week:</strong> Our hybrid work model brings us to the office at least twice a week, on strategic days designed to maximize team connection and collaboration. For more details, visit <a href="https://building.nubank.com/nu-hybrid-work-model/"> https://building.nubank.com/nu-hybrid-work-model/</a>.</p> <p> </p>