INFLEET is Brazil's first intelligent copilot for fleet management. Our mission is to connect data from telematics, video, and logistics systems to deliver insights that reduce accidents, optimize costs, and increase our clients' sustainability.
As we grow at least 100% year over year and expand into Enterprise accounts, information security shifts from a support function to a strategic business lever. We are looking for an Information Security Specialist to operate INFLEET's security and compliance program hands-on: helping us achieve ISO/IEC 27001:2022 certification, keeping our GRC platform healthy, and turning security into something that unblocks Enterprise deals instead of slowing them down.
At INFLEET, we believe in "operate on all levels". This is a hands-on, executor role: you will spend your days inside audit logs, GRC platforms, evidence pipelines, and security questionnaires, not only writing policy.
Intensity to win. We believe extraordinary results are born from relentless focus, resilience, and a deep-seated passion for overcoming challenges. This intensity fuels our commitment to excellence and ensures we never settle for "good enough".
Partnership that creates value. We understand that sustainable success is never built in isolation. We thrive by creating win-win relationships, aligning our goals with our clients and colleagues to build mutual, lasting growth. Our success is measured by the success we create for others.
Autonomy that learns. We believe that innovation and agility come from empowerment. We trust our teams to take initiative and make decisions, knowing that every outcome, whether a success or a challenge, is a crucial opportunity to learn, adapt, and grow smarter.
Your mission is to put INFLEET's information security program into practice. You will work side by side with the Head of Platform (who owns DevOps and Security strategy) to execute the roadmap that takes us through ISO/IEC 27001:2022 certification and keeps the program running afterward.
You will be the person who operates the controls day to day: configuring Drata, collecting and organizing evidence, answering Enterprise security questionnaires, building the Trust Center, and keeping our compliance posture always audit-ready.
This role reports to the Head of Platform, who owns the overall DevOps and Security strategy, the relationship with the executive team, and the program direction. You provide the execution muscle behind that program.
You will not manage a team. Your impact comes from doing the work well and from partnering closely with DevOps, Engineering, Product, HR, Legal, and Operations to keep every control with a clear owner and a working evidence pipeline. As the program matures, the security function will grow and your scope can grow with it.
In your first 12 months, expect roughly 70 to 80% of your time on ISO 27001 certification, the Trust Center, and Enterprise security questionnaires. Other workstreams (AI Security, vendor risk, awareness, tabletop exercises) start lean and mature progressively.
Fully remote, with 4 on-site gatherings per year in São Paulo.
Operate the ISO 27001 program: Execute the work behind INFLEET's ISO/IEC 27001:2022 certification, maintaining the Annex A controls, preparing evidence, and supporting the Head of Platform as the focal point with external auditors.
Run the GRC platform: Configure, maintain, and scale Drata, integrating evidence sources (cloud, identity, endpoint, HR), automating collection, and keeping the compliance posture visible and audit-ready.
Answer Enterprise security questionnaires: Respond to SIG, CAIQ, VSAQ, and custom Enterprise RFPs, and build a reusable answer library that scales with the sales team.
Build and maintain the Trust Center: Help stand up and operate a public-facing Trust Center showcasing certifications, policies, subprocessors, and incident SLAs.
Support secure SDLC and AI Security: Help embed security into the development lifecycle (SAST/DAST/SCA, security-focused code review) and apply the guardrails for responsible use of generative AI tools (Cortex, Copilot, Cursor).
Risk and vendor management: Keep the risk register up to date, support risk assessments for new initiatives, and run the vendor risk assessment process for critical partners (BaaS providers such as Swap, AWS, Chinese ODMs, productivity SaaS).
LGPD and privacy: Support Legal on data mapping, lawful basis for processing, and data subject rights.
Security culture: Run the awareness program, phishing simulations, and security onboarding across teams.
Hands-on contribution: Go deep when needed, whether reviewing an AWS IAM policy, configuring a Drata integration, writing an incident runbook, or personally answering a 300-line Enterprise security questionnaire.
Solid experience in information security, GRC, or DevSecOps, having participated in at least one ISO 27001 and/or SOC 2 certification process (as a contributor, not necessarily as the lead).
Hands-on GRC platform experience: Practical experience operating Drata, Vanta, Sprinto, Secureframe, or similar, including evidence integrations and day-to-day operation.
Foundation in at least one area: Working strength in one of the following, with curiosity to learn the others: (a) GRC and compliance (ISO 27001, SOC 2, LGPD), (b) Cloud Security and DevSecOps (AWS, IAM, container security, IaC scanning), or (c) AppSec and Secure SDLC (threat modeling, SAST/DAST, code review).
Collaborative profile: Comfortable getting outcomes by partnering with engineering, product, and operations teams rather than gatekeeping.
AI fluency: Daily use of AI tools (Claude, ChatGPT, Cursor, Copilot, or similar) and awareness of the risks generative AI brings to security and software development.
Cloud familiarity: Working knowledge of AWS, CI/CD, and ideally Kubernetes, Terraform, and observability practices.
Enterprise questionnaire experience: Exposure to SIG, CAIQ, VSAQ, or custom Enterprise security questionnaires.
Operate on all levels: Comfortable balancing organized, methodical work with hands-on execution.
Certifications such as ISO 27001 Lead Implementer / Lead Auditor, AWS Security Specialty, CompTIA Security+, CISM.
Prior experience in startups or scale-ups growing 100%+ year over year.
Familiarity with PCI-DSS (relevant for our fintech initiative, INFLEET Pay) or Brazilian Central Bank resolutions.
Working knowledge of AI security frameworks (OWASP Top 10 for LLMs, NIST AI RMF, MITRE ATLAS).
Familiarity with video telematics, IoT, or embedded hardware (device security, secure OTA, protection of video and location data).
Hands-on Security Engineering background (Python automations, SIEM integrations, custom detections).
Benefits of being at INFLEET
- Collaborative and flexible environment;
- Day Off on your birthday month;
- Wellhub;
- Meal Allowance (Caju card) R$1.000,00;
- Home Office Allowance (Caju card) R$150,00;
- Health and Dental Insurance (100% covered by INFLEET);