Why should you join dLocal?
dLocal enables the biggest companies in the world to collect payments in 40 countries in emerging markets. Global brands rely on us to increase conversion rates and simplify payment expansion effortlessly. As both a payments processor and a merchant of record where we operate, we make it possible for our merchants to make inroads into the world’s fastest-growing, emerging markets.
By joining us you will be a part of an amazing global team that makes it all happen. Being a part of dLocal means working with 1000+ teammates from 30+ different nationalities and developing an international career that impacts millions of people’s daily lives. We are builders, we never run from a challenge, we are customer-centric, and if this sounds like you, we know you will thrive in our team.
About Us & The Role
We do not do "check-box" compliance, and we don’t do corporate fluff.
Within the Security Department, under the guidance of the CISO and security leadership, our GRC and Assurance team operates with a street-smart, pragmatic approach. We are looking for a versatile, self-driven Senior Cyber Assurance Partner to completely disrupt how we handle Third-Party Risk Management (TPRM).
Traditionally, TPRM is a bureaucratic bottleneck—sending 200-question spreadsheets and blocking procurement for months. We don't want that. Our business relies on hundreds of third-party providers globally—including payment processors, financial institutions, infrastructure providers, and technology vendors—often in emerging markets where there is a gap between standard compliance checklists and actual operational security reality.
We need a visionary builder who hates the traditional TPRM status quo. You will operate at the intersection of vendor governance, security assurance, and enterprise risk management to help us implement and scale our global Payment Processor Assessment Framework. You will build a pragmatic, tiered system that skips deep reviews for low-risk vendors so the business can move fast, while focusing intense scrutiny on critical partners. You will define technical flows for AI agents to chase vendors, extract data, and shift accountability back to the business owners.
You don't need to be a software developer, but you must be highly technical, AI-fluent, and capable of working with our security engineers to build automated workflows. Most importantly, you must have the grit to roll up your sleeves and do the manual work with your own hands until those automated systems are fully built. You will have the CISO and security leadership as your executive sponsors to make pragmatic trade-offs and drive results.
\nDisrupt & Automate TPRM: You will design and implement automated workflows and AI agents that handle the heavy lifting of TPRM (e.g., chasing vendors for documentation, chasing internal owners, instantly parsing SOC2 reports). You will define these flows technically so our security engineers can build them, or build them yourself by expertly leveraging AI capabilities while ensuring strict data accuracy and hallucination governance.
Govern the Payment Processor Framework: You will be the mastermind behind our global assessment framework. You will own the standard, tune the risk-scoring models, and analyze the technical findings from our external assessment vendors to separate mature partners from those requiring strict compensating controls.
Pragmatic Risk Tiering: You will build a system that moves at the speed of the business. You will actively design fast-tracks that skip deep security reviews for low-risk vendors, reserving deep technical verification (bridging the "paper vs. reality" gap) for critical, high-risk processors in emerging markets.
Shift Left & First-Line Accountability: Partner with the CISO and security leadership to ensure the Security team is not the bottleneck. You will give business leaders the transparent data, tools, and rules they need to accept or reject vendor risk, shifting accountability to the first line of defense where it belongs.
Strategic Advising on Compensating Controls: When a critical vendor has a high risk score but is a business necessity, you will act as the pragmatic advisor. You will define the strict operational compensating controls (e.g., volume caps, daily reconciliation) required to safely enable the business.
Roll Up Your Sleeves: We need a visionary who executes. While you are designing the automated future, you are fully willing to dive into the trenches, review documentation, and run the assessments manually with your own hands.
Proactive Ownership & Disruptive Vision: You hate the slow, bureaucratic status quo of traditional risk management. You are highly motivated, self-driven, and proactively find ways to bypass bottlenecks and deliver results.
Hands-On Grit: You are not an "ivory tower" architect. You have the humility and work ethic to do the manual assessment work yourself while simultaneously building the automation that will eventually replace that manual effort.
AI Fluency & Technical Translation: You are deeply comfortable in technical AI environments. While you don't need to be a traditional coder, you can logically map out complex technical workflows and communicate them flawlessly to security engineers to build.
High EQ, IQ, & Organizational Navigation: You read people well and can seamlessly navigate a complex corporate landscape. You know how to negotiate with Procurement, Legal, and Business Leaders, finding pragmatic compromises between strict security and business velocity.
Disciplined Multi-Threading: You are highly organized and disciplined. You are comfortable multitasking and "multi-threading" across diverse priorities—from reviewing a critical payment processor to designing an AI workflow—without losing focus or dropping the ball.
Pragmatic & Impact-Driven Mindset: You understand that blocking a vendor costs the company money. You focus on what actually reduces risk, adds value, and maintains compliance while supporting aggressive business growth.
Exceptional Communication: Strong written and verbal communication skills in English. You can distill complex third-party security risks into simple, actionable business decisions for executive leadership.
Deep understanding of payment processors, financial institutions, fintech ecosystems, and the unique cybersecurity challenges of emerging markets.
Familiarity with security and compliance frameworks (PCI DSS, ISO 27001, SOC2), but more importantly, the ability to spot when these are just "paper compliance."
Experience building or heavily integrating with modern GRC, risk management, or procurement platforms.
You will operate with a high degree of autonomy. You will take the CISO and security leadership's vision, use your street smarts to figure out the "how," and execute. This is a senior role for someone who wants to make a visible impact, build relationships across the globe, and redefine what modern, pragmatic security governance looks like.
What do we offer?
Besides the tailored benefits we have for each country, dLocal will help you thrive and go that extra mile by offering you:
- Flexibility: we have flexible schedules and we are driven by performance.
- Fintech industry: work in a dynamic and ever-evolving environment, with plenty to build and boost your creativity.
- Referral bonus program: our internal talents are the best recruiters - refer someone ideal for a role and get rewarded.
- Learning & development: get access to a Premium Coursera subscription.
- Language classes: we provide free English, Spanish, or Portuguese classes.
- Social budget: you'll get a monthly budget to chill out with your team (in person or remotely) and deepen your connections!
- dLocal Houses: want to rent a house to spend one week anywhere in the world coworking with your team? We’ve got your back!
Flexibility in how you work: We focus on impact and productivity over fixed hours. This means our teams have flexible schedules and, depending on your role and location, you will combine self‑managed focus time with moments of in‑person connection in our collaboration hubs.
What happens after you apply?
Our Talent Acquisition team is invested in creating the best candidate experience possible, so don’t worry, you will definitely hear from us. We will review your CV and keep you posted by email at every step of the process!
Also, you can check out our webpage, Linkedin and Youtube for more about dLocal!