**Introduction** The Cybersecurity GRC consultant will gain hands-on experience in the critical area of cybersecurity governance, risk management, and compliance. This role offers an excellent opportunity to learn about industry best practices, regulatory requirements, and how organizations operationalize cybersecurity frameworks. **Your role and responsibilities** The Cybersecurity GRC consultant will gain hands-on experience in the critical area of cybersecurity governance, risk management, and compliance. This role offers an excellent opportunity to learn about industry best practices, regulatory requirements, and how organizations operationalize cybersecurity frameworks. Will support the GRC team in various tasks, contributing to the enhancement of our security posture and ensuring adherence to internal policies and external regulations. Key Responsibilities: * Policy & Standards Support: * Assist in reviewing, updating, and documenting cybersecurity policies, standards, and procedures. * Help map internal controls to relevant frameworks (e.g., NIST CSF, ISO 27001, LGPD - Brazilian General Data Protection Law, if applicable). * Risk Management Assistance: * Support the identification, assessment, and mitigation of cybersecurity risks. * Assist in maintaining risk registers and tracking risk remediation efforts. * Participate in risk assessment workshops and data gathering activities. * Third-Party Risk Management (TPRM) Support: * Assist in the onboarding and assessment process for third-party vendors and suppliers. * Help collect and review security documentation from vendors (e.g., security questionnaires, audit reports). * Support the tracking of third-party compliance with contractual security requirements. * Help gather evidence for internal and external cybersecurity audits. * Assist in tracking compliance with regulatory requirements (e.g., LGPD, PCI DSS, etc., depending on company's industry). * Support the preparation of compliance reports and documentation.Compliance & Audit Support: * Documentation & Reporting: * Maintain accurate and organized documentation related to GRC activities. * Assist in preparing presentations and reports for various stakeholders. **Required technical and professional expertise** Qualifications: * Currently enrolled in a Bachelor's or Master's degree program in Cybersecurity, Information Technology, Computer Science, Business Administration, or a related field. * Strong interest in cybersecurity, governance, risk management, and compliance. * Excellent written and verbal communication skills in Spanish and being able to understand and communicate in English. * Strong analytical and problem-solving abilities. * Proficiency in Microsoft Office Suite (Word, Excel, PowerPoint). * Ability to work independently and collaboratively in a team environment. * High level of integrity and attention to detail. **Preferred technical and professional experience** Preferred (but not required) Qualifications: * Basic understanding of cybersecurity frameworks (e.g., NIST CSF, ISO 27001). * Familiarity with data privacy regulations (e.g., LGPD, GDPR). * Experience with GRC tools or platforms. IBM is committed to creating a diverse environment and is proud to be an equal-opportunity employer. All qualified applicants will receive consideration for employment without regard to race, color, religion, sex, gender, gender identity or expression, sexual orientation, national origin, caste, genetics, pregnancy, disability, neurodivergence, age, veteran status, or other characteristics. IBM is also committed to compliance with all fair employment practices regarding citizenship and immigration status.