As the Security Manager for the LATAM region, I do oversee the product portfolio from a security perspective. Key responsibilities include among others include:- Product Security Maturity:Manage and drive actions aligned with NIST/CCM frameworks to enhance product security maturity.Identify and mitigate risks associated with product security.- Certification Initiatives:Conduct efforts to achieve SOC1 certification for eligible products.- Vulnerability Management:Prioritize vulnerability fixes based on context and CVSS scores.Coordinate resolution of pentest findings with development and DevOps teams.- Incident Response:Conduct tabletop exercises for incident response preparedness in product scope level.Collaborate with the global Computer Incident Response Team (CIRT) during actual incidents.- Disaster Recovery:Assist in the definition, test, documentation and execution of Disaster Recovery plans for relevant products.Work with stakeholders to document scenarios and conduct tests.- Vendor Evaluation:Assess security posture of potential vendors and partners.- Sales Support:Assist the sales team in explaining the product’s security features to customers.

Developed metrics, coordinated projects in Region and executed global projects within the countries under the LATAM operation structure that wer Argentina, Brazil, Chile, Colombia, Equador, Uriguay, Peru and Panama.Created and deployed region awarness actions, seminars for Cyber Month synced in all countries.Incident response in colaboration with Global CERT from Germany.Participation in global change IT structure internal board to bring ideas and insights to CTO and CISO about possible areas of improvements discussed within USA, EMEA and APAC.Active participation on global projects on IT, Security and Data Privacy perpespectives. Key ones were Global Workday project, New Healthcare system and Manufacturing (IT/OT) workplan to improve manufacturing environment security rating.

Information Security & Data Privacy@Information Security, assist in define an road map for Fresenius Medical Care Brazil to improve the actual security maturity level; assist the in the definition of methodology and global tools for information security awareness and Network Security.@Data Privacy, work as Data Privacy Liaison for BR, assisting in the deployment of the global standard on Brazil and coordinate efforts with other areas to identify possible gaps with local regulation.

@ Repsol Sinopec Brasil. Working as the Local Information Security OfficerIdentify and suggest improvements in Information and Cyber Security to keep process, awareness and technology up to date with regulations, internal procedures and business needs.Support Global SOC during possible incidents and investigations.Monitor the implementation of projects to validate that information security needs are been addressed as expected and, if required, propose changes of scope.Define and implement KPIs and KRIs related to user actions, infrastructure, technology and system events to monitor possible events and incidents.Promote awareness actions and propose campaigns. Focal point for internal and external audits. Report gaps related to internal controls and proposed actions suggested to the affected stakeholders.

Worked in projects to identify the current scenario of exposure to technological, operational and strategic risks of companies with billing and/or financial transactions above $ 2 billion annually in thetelecommunications, private equity and oil & gas sectors. Main deliverables and results:- Identification of the organizational maturity level in Information Security- Structuring of action plans distributed in short, medium and long term phases- Identification of estimated investment in capex and opex to support an information security transformation program- Exposure of risk scenarios to organizations' strategies, considering internal and external situations to products, services and long-term strategies- Quantification of risk impacts and structuring of risk maps- Execution of Business Impact Analysis relating information from interviews, internal metrics of incidents, financial statements, operational model and policies- Review and elaboration of policies

Main projects:- Team leader of the Security Office at ANP (Brazilian National Oil & Gas Regulatory Agency) - (2014/2015). Coordinate the investigation of security incidents, implementation and optimization of security solutions acquired by ANP which were SIEM, DLP, IPS/IDS of hosts, Antivirus, Proxy and Vulnerability Scan.- Risk Management and Business Continuity at TIM Brasil Mobile Company - (2008/2010 – 2012/2014). Conducted Risk Assessment and business continuity with telecommunication services resilience as the main scope. Used qualitative and quantitative metrics to assess risk and continuity management.- Risk Analysis at Lafarge Cement and Concrete Brasil - (2011).Risk Analyses of the industrial, commercial and process units of the main factories and offices.The main objectives were to identify the exposure to risks associated to safety (operational and criminal), maintenance and logistical.- Auditing the Infrastructure of the Fare System of Public Transportation in Rio de Janeiro (Bilhete Único) - (2010).Conducted part of the analysis related to IT and infrastructure. Also presented the final reports with the gathered information.The objective was to identify possible situations of fraud, misconduct, service disruption and the correct usage of the billing fare system.

Maintained and operated the pre-paid cellular system. I also conducted analyses of proposed changes to the system. The main activities were the identifications of failures at its early stages to avoid service disruption and cases of misuse and malpractices conducted by clients.The most relevant discovery I made of malpractice of users was the detection of a system glitch that allowed clients with old phones to obtain illegal rented credits.

Maintained the national satellite backbone operational from 2000 to 2004. After 2005, the NGN (Next Generation Network) services were added to the scope of operations. Provided support for troubleshooting critical failures.Also in 2005 I was transferred to the unit that implemented, planned and maintained the first national VoIP services operated as a conventional phone service. This product is still operational and is the second in its market share scope.