QuintoAndar is a Brazilian technology company that was created to simplify the lives of those looking for a new home. We are changing the real estate market with a pioneering business model in the world. We have a lot of talented people working to ensure that thousands of people around Brazil live better. Our team already has over a thousand people and we have offices in São Paulo and Campinas. Our product is now available in more than 20 Brazilian cities.
Security and Compliance at QuintoAndar:
Data protection is more than a set of policies and software protection. It should be culture, be nearly automatically applied in every corner of the company. And this is a continuous project, in which we need to guarantee compliance and enhance the care for information security in each project.
As a focused product manager, you will be responsible for guaranteeing such compliance and helping teams prioritize security in their projects. It has to do with tech protection and its applications, confidentiality, integrity, availability, privacy, authenticity & trustworthiness, non-repudiation, accountability and auditability. It also has to do with people, with internal and external communications, with policies and documentation. You will also be responsible for documenting and for guaranteeing that we are following the required rules when dealing with critical information: what we document, how long we keep the data, how we store such data, which tools (e.g. software libs) we are using to process such data, what these tools do and how this impacts our compliance goals.
More specifically, we expect the Data Security Manager to:
- Work with the Information Security (InfoSec) squad, a small team of Software Engineers (and Site Reliability Engineers) that will constantly improve the security of our software environment.
- Educate the company and employees on important compliance requirements.
- Connect with other product managers and engineers that currently handle sensitive information in order to understand how secure is their plan and their status quo, and eventually convince them on the priority of data security and overall compliance.
- Make sure the compliance and security projects in the many teams that deal with are running on time.
- Report to the company and to the stakeholders the status of compliance and security projects.
- Train staff involved in data processing
- Help the InfoSec squad conduct audits to ensure compliance and address potential issues proactively
- Serve as the point of contact between the company and Supervisory Authorities of the LGPD (Lei Geral de Proteção de Dados) or the GDPR.
- Coordinating between product+engineering and the legal team, to make sure we're walking in the right direction.
- Maintain comprehensive records of all data processing activities conducted by the company, including the purpose of all processing activities
- Understand the rights of our clients and make it clear for them what happens to their data
At QuintoAndar you will:
- Work with a top-notch team that uses the best practices and best tools.
- Learn a lot.
- Be part of a high-impact project that will affect many people's lives.
- Have autonomy to make decisions with no endless meetings or bikeshedding.
- Work in an informal environment and horizontal hierarchy.