Why should you join dLocal?
dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads into the world’s fastest-growing, emerging markets.
By joining us you will be a part of an amazing global team that makes it all happen. Being a part of dLocal means working with 1000+ teammates from 30+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer-centric, and if this sounds like you, we know you will thrive in our team.
We do not do “check-box” security, and we don’t do corporate fluff. The Security Department at dLocal is lean, forward-thinking, and operates at the intersection of a hyper-growth fintech and the world's most complex emerging markets. We believe security is a business enabler—not a gatekeeper—and we build our team accordingly.
This is a newly created, senior IC role sitting directly in the CISO's office. We are looking for a Cybersecurity Programs & Delivery Lead who will serve as the strategic execution engine of the security department—someone who takes the CISO's vision and translates it into structured, measurable, and relentlessly driven delivery.
You will work as a peer alongside the Department Heads. Where they own the technical and domain depth, you own the operational backbone that connects everything: strategy to execution, ambiguity to structure, initiative to outcome.
This is not a coordination role. We are not looking for a project manager who tracks tasks. We are looking for a cybersecurity professional who has decided they want to use their subject-matter expertise to drive strategy, own programs end-to-end, and act as a force multiplier across the entire department—without needing direct reports to make things happen.
You will have the CISO and security leadership as your executive umbrella: the sponsorship, the political cover, and the pragmatic air support to make trade-offs and remove blockers. What we need from you is the street-smart execution to take that mandate and run with it.
\nTurn Strategy into Structured Execution
Architect the Strategic Roadmap & OKRs: Partner with the CISO and the security leadership to translate long-term security goals into a multi-quarter, prioritized roadmap. You lead the departmental planning cycles, ensuring our technical debt, compliance needs and innovation projects are balanced against actual team capacity and the company’s needs
Break It Down: Take a high-level CISO security strategy and decompose it into actionable, sequenced delivery plans with clear owners, milestones, and success criteria. You bridge the gap between 'vision' and 'shipped.'
Drive Program Ownership: Own the end-to-end lifecycle of cross-cutting security initiatives—from scoping and stakeholder alignment to delivery and retrospective. You carry the accountability so the technical leads can stay in their lane.
Unblock & Accelerate: Identify bottlenecks, dependencies, and organizational friction before they become delays. You are the person who makes things move when they stop.
Stakeholder Navigation & Change Management
Be the Diplomat: Act as the primary interface between the Security Department and its key stakeholders—Engineering, Product, Operations, Legal, Finance, and Commercial. You negotiate, align, and influence without formal authority, turning security requirements into shared priorities.
Drive Change & First-Line Accountability: Lead the organizational change management dimension of security programs. When a new control, policy, or framework needs adoption, you don’t just communicate it—you own the rollout, the buy-in, and the behavioral change to ensure risk accountability is shifted left to the first line of defense, where it belongs.
Treat Airtime as Currency: Company attention is scarce. Every escalation, steering update, or stakeholder intervention you make must be high-signal and high-ROI. No noise, no generic broadcasts.
Reporting, Metrics & Business Intelligence
Own the Security Dashboard: Build and maintain the single source of truth for the security department's performance. Design and drive the KPIs, OKRs, and program health metrics that tell a clear story to both technical teams and executive leadership.
Make Data Drive Decisions: Translate complex security posture data into crisp, actionable narratives for the CISO, the Board, and key business partners. You turn raw metrics into strategic insight.
Run the Reporting Cadence: Own the rhythm of security reporting—weekly ops reviews, monthly leadership updates, quarterly board packs. You make sure the right information reaches the right audience at the right time, in the right format.
Vendor Management & Budget Support
Manage the Vendor Landscape: Oversee the operational governance of security vendor relationships—contract milestones, SLA tracking, renewals, and performance reviews—in close coordination with Procurement and Legal.
Support Budget Management: Partner with the CISO on budget planning, tracking, and forecasting. You maintain visibility into spend across the security portfolio and flag risks or optimization opportunities proactively.
Build the Security Investment Story: Partner with the CISO & security teams to translate technical requirements into clear business cases for new initiatives. You won’t just track the budget, you’ll define the "value-add" of our security stack to the broader business, ensuring our investments are strategically aligned with dLocal’s hyper-growth and risk appetite.
Automate & Scale
Systematize Everything: Identify manual, repetitive program management and reporting processes and define the workflows clearly enough that our Security Engineering team can automate them. You don't just spot inefficiency—you eliminate it at the root.
AI-Augmented Execution: Leverage modern AI tools to accelerate documentation, stakeholder communications, gap analysis, and program planning—while maintaining strict accuracy and governance over AI-generated outputs.
You Are a Cyber Professional First: You have a solid foundation in cybersecurity—whether from a technical, GRC, or security consulting background. You understand the domain deeply enough to earn the respect of engineers, architects, and compliance professionals without needing a title to back it up.
You Own Outcomes, Not Tasks: You are highly self-driven, proactive, and allergic to ambiguity by choice. You don't wait for a detailed brief—you read between the lines, define the problem, and drive to a solution.
Exceptional Organizational Navigation: High EQ and IQ are non-negotiable. You move seamlessly across organizational levels and functions—from engineering leads to the C-suite—building trust, managing tension, and aligning competing interests with diplomacy and precision.
Disciplined Multi-Threading: You are ruthlessly organized. You manage multiple complex programs simultaneously without losing grip on any of them. Deadlines, dependencies, and stakeholders never slip through the cracks.
Communication is Your Superpower: You write and speak with clarity, economy, and impact. You can distill a complex, multi-quarter security program into a two-minute executive briefing—or a two-page board slide—without losing the substance.
Pragmatic & Street-Smart: You understand the tension between security idealism and business reality, and you know how to find the right trade-off. You are not a bureaucrat; you are a pragmatist who keeps the business moving while managing risk intelligently.
Zero Ego, Full Versatility: You are strategic and senior—and you will still chase people down over Slack, build a tracking spreadsheet from scratch, and sit in a vendor call to take notes when that’s what the moment requires. You don’t confuse seniority with delegation. The work gets done because you make it get done, at whatever altitude is needed.
Background in a fast-paced fintech, payments, or technology scale-up environment.
Familiarity with security frameworks (PCI DSS, ISO 27001, SOC 2, NIST)—not as a compliance checkbox, but as a language you speak fluently with auditors and regulators.
Experience with formal program/portfolio management methodologies (PMI, SAFe, OKRs) or relevant certifications (PMP, CISSP, CISM)—valued but not required.
Experience operating in emerging markets or global, multi-jurisdictional environments.
Prior experience as a chief-of-staff, security strategy lead, or CISO advisor.
You will operate with a high degree of autonomy, sitting at the center of the CISO's office and touching every dimension of the security department. This is a visible, high-trust role. You will be expected to take ownership with minimal hand-holding, make judgment calls under ambiguity, and proactively raise issues before they escalate.
You will not manage a team—but you will influence, align, and mobilize everyone. Your authority comes from expertise, credibility, and the CISO's mandate. If that energizes you rather than frustrates you, this role is built for you.
What do we offer?
Besides the tailored benefits we have for each country, dLocal will help you thrive and go that extra mile by offering you:
- Flexibility: we have flexible schedules and we are driven by performance.
- Fintech industry: work in a dynamic and ever-evolving environment, with plenty to build and boost your creativity.
- Referral bonus program: our internal talents are the best recruiters - refer someone ideal for a role and get rewarded.
- Learning & development: get access to a Premium Coursera subscription.
- Language classes: we provide free English, Spanish, or Portuguese classes.
- Social budget: you'll get a monthly budget to chill out with your team (in person or remotely) and deepen your connections!
- dLocal Houses: want to rent a house to spend one week anywhere in the world coworking with your team? We’ve got your back!
Flexibility in how you work: We focus on impact and productivity over fixed hours. This means our teams have flexible schedules and, depending on your role and location, you will combine self‑managed focus time with moments of in‑person connection in our collaboration hubs.
What happens after you apply?
Our Talent Acquisition team is invested in creating the best candidate experience possible, so don’t worry, you will definitely hear from us. We will review your CV and keep you posted by email at every step of the process!
Also, you can check out our webpage, Linkedin and Youtube for more about dLocal!