Clebert Duarte Mattos, Cisa, Cism

Senior Director Cybersecurity Governance, Risk and Compliance @ Advantage Solutions
Bethesda, MD, US
Clebert Duarte Mattos, Cisa, Cism's Location
Bethesda, Maryland, United States
About Clebert Duarte Mattos, Cisa, Cism

Dedicated and accomplished professional with over 25 years of distinguished experience in IT and Cybersecurity Governance, Risk, and Compliance. A visionary leader who excels in developing and implementing robust cybersecurity programs, driving compliance with industry standards, and fostering a culture of awareness. Demonstrates exceptional strategic thinking, mentorship, and resource management abilities. Adept at leading cross-functional teams and collaborating with stakeholders to achieve organizational growth and resilience. Specialties: Sound communication skills, ability to motivate and drive cultural change, excellent presentation skills, IT Governance expert, strong expertise in business development, ROI Analysis, marketing strategy and problem solving.

Clebert Duarte Mattos, Cisa, Cism's Current Company Details
Advantage Solutions

Senior Director Cybersecurity Governance, Risk and Compliance
Bethesda, MD, US
Website:
yourADV.com
Employees:
27223
Clebert Duarte Mattos, Cisa, Cism Work Experience Details
  • Advantage Solutions
    Senior Director Cybersecurity Governance, Risk And Compliance
    Advantage Solutions
    Bethesda, Md, Us
  • Advantage Solutions
    Director Cybersecurity Governance, Risk And Compliance
    Advantage Solutions Oct 2023 - Present
    St Louis, Missouri, Us
    Lead the Cybersecurity GRC Program - Ensure compliance with business and regulatory requirements for cybersecurity. - Develop and maintain a comprehensive cybersecurity framework, policies, and procedures. - Collaborate with cross-functional teams to establish and maintain effective governance structures. Ownership and Management of SOX ITGCs - Ensure controls are designed and maintained to meet SOX compliance standards. - Conduct regular reviews and assessments of ITGC controls to identify and address any deficiencies. - Collaborate with internal and external auditors to support SOX compliance efforts. Spearhead Communication and Awareness Programs - Develop and execute cybersecurity awareness and training programs for employees, new hires, contractors, and other stakeholders. - Ensure that all personnel understand and adhere to cybersecurity policies and standards. - Foster a culture of cybersecurity consciousness across the organization. Vulnerability Management - Own the Vulnerability Management program, ensuring regular scanning and evaluation of applications and services for new vulnerabilities. - Track and monitor remediation plans to address identified vulnerabilities in a timely manner. Cybersecurity Policy Development - Develop and manage cybersecurity policies aligned with industry best practices. - Continuously monitor and update policies to reflect evolving cyber threats and regulatory requirements. Ownership of Business Continuity Planning (BCP) and Disaster Recovery - Develop and maintain business continuity and disaster recovery plans to ensure the organization's resilience. - Document and manage continuity plans and disaster recovery procedures. - Conduct regular testing and exercises to meet our company's requirements for Recovery Time Objective (RTO) and Recovery Point Objective (RPO).
  • Deloitte
    Director Cybersecurity Compliance
    Deloitte May 2022 - Oct 2023
    Worldwide, Oo
    Implement and manage a firm-wide program to monitor, test and validate compliance with internal cybersecurity policies, standards, and external requirements (e.g., certifications, laws and regulations). Define and oversee the Deloitte global ISO 27001 program by providing support to Global member firms, ensuring ISO 27001 certifications remain in good standing. Overseeing a team of 10 FTEs in the US and the UK, including Senior Managers and Managers, and a budget of over $4 million assigned for the next generation cybersecurity compliance program. Design, build and implement a cybersecurity integrated controls library, mapping policies and standards to controls, defining criteria for controls testing and ongoing monitoring, including automated procedures for testing. Design and manage the implementation of cybersecurity compliance processes and workflows on Deloitte’s GRC Tool, ServiceNow. Manage and maintain the mapping of cybersecurity controls to frameworks and industry standards such as ISO27001, ISO27017, ISO27018, TISAX, NIST, SOC 2, PCI-DSS and other applicable standards, allowing for a more optimized controls testing that would reduce assessment fatigue and re-use of testing information. Design and implement a compliance program for Deloitte’s global shared services, providing assurances to member firms across the globe that services are in compliance with cybersecurity standards and policies. Integration of our cybersecurity controls library with Deloitte’s risk management framework and cybersecurity maturity assessments, allowing for a risk-based approach to controls testing. This integration also enables feeding back data related to controls testing to the risk management framework, ensuring a more accurate calculation of residual risk based on actual controls effectiveness.
  • Liberty Latin America
    Director Cybersecurity Governance, Risk And Compliance
    Liberty Latin America Jan 2013 - May 2022
    Denver, Co, Us
    Working in a fast paced, complex business environment, operating in over 20 Countries across Latin America and the Caribbean, leading the Cybersecurity Governance, Risk and Compliance organization for this culturally diverse organization. Developed and implemented a set of Information Security Policies and Standards aligned with leading industry standards such as ISO27001, ISO27017, ISO27018 and NIST, among other frameworks, to support LLA’s Global Cybersecurity Program, as well as business and regulatory requirements such as SOX. Designed and Implemented an Information Security Risk Management framework to ensure risks are identified, analysed, evaluated and treated according to their criticality to our business. Our risk management team works very closely with several areas of the business and control owners to conduct regular risk assessments, maintaining and updating our risk register. Overseeing of LLA’s Cybersecurity Compliance program, managing control self-assessments and directly overseeing internal and external audits for SOC 1 Type 2 / ISAE3402, SOC 2 Type 2, ISO27001, and PCI-DSS, as well as managing Client’s requests for audits. Implemented the RSA Archer platform to support LLA’s Information Security GRC program, enabling more effective management, reviews and improvement of our policies and control procedures, as well as supporting key compliance activities such as risk assessments and tracking of findings, remediations and exceptions. Developed and implemented a comprehensive Cybersecurity communication and awareness program, including the rollout of KnowBe4. Our program delivered cybersecurity training and conducted security testing and social engineering simulations to evaluate the organizations’ preparedness in dealing with threat scenarios. Planned and implemented a multi-year Data Governance Program, with the objective of establishing a control framework to protect our information in accordance with our data classification policies.
  • Pink Elephant
    General Director
    Pink Elephant Jan 2004 - Jan 2013
    Burlington, Ontario, Ca
    Developed the business case and conducted negotiations with key executives at Pink Elephant – a premier global training, conference and consulting service provider in the area of IT Service Management and Business Management best practices – for the startup of the Brazilian office in 2004. Developed marketing and sales strategies for the Brazilian market, including the localization of key consulting and training products. Responsible for managing large consulting contracts with customers, acting as strategic advisor and ensuring that services would be delivered according to scope, time and budget. As business leader and strategic advisor, coordinated and collaborated with client’s cross functional stakeholders during escalated customer facing calls regarding staff, processes and any delivery issues. Trained and coached both the Service Delivery and Sales Executives teams, ensuring our staff is prepared to work under pressure, and be prepared to address a wide range of customer issues, managing expectations and de-escalating tensions when needed. Defined and implemented performance and operation metrics and objectives for the Service Delivery team, ensuring that key and strategic accounts receive consistent and world class service. Conducted business development negotiations with high profile companies in Brazil, liaising with C-Level executives in several areas ranging from IT, Finance and Purchase. As keynote speaker and panelist, delivered several presentations on IT Governance and Service Management best practices, and how to lead successful cultural change programs. As an ITIL subject matter expert and experienced professional, acted as lead instructor in ITIL courses across the Brazilian market and abroad, delivering training classes in all ITIL Certification levels – Foundation, Practitioner and Expert.
  • Brasil Telecom
    It Architecture Manager
    Brasil Telecom Nov 2002 - Jan 2004
    Brasília, Distrito Federal, Br
    Supervised a team of 10 FTEs in charge of gathering requirements from customers, designing the solution and providing support to the sales account manager of the IDC and Hosting Services for BrasilTelecom. Responsible for delivering pre-sales presentations and acting as the technical advocate of the IDC's services, including infrastructure and platform as a service (IaaS and PaaS), managed network and other services in the portfolio. Worked closely with IT teams to define implementation plans and SLAs according to customer requirements. Enabled customer success by ensuring that our team of subject matter experts were maximizing effectiveness and consistently meeting our design and delivery goals, delivering world class solutions to a wide range of customers in Brazil.
  • Americel S.A.
    It Infrastructure Senior Manager
    Americel S.A. Jan 1999 - Apr 2002
    Responsible for the IT Infrastructure team of this major mobile telecommunication company with over 2 million subscribers. Coordinated the implementation of IT processes, with special focus on Change and Incident Management. Managed an annual budget of USD 2.5 million dollars to ensure normal operations as well as bring innovative solutions to support the Business. Supported activities related to the merger with ATL Telecommunications, based out of Rio de Janeiro, to form what is now known as Claro, a company belonging to Telmex. Negotiated several contracts with major Software and Hardware vendors maximizing the IT annual budget.

Clebert Duarte Mattos, Cisa, Cism Skills

Itil, Governance, Cobit, It Service Management, Service Management, Pre Sales, It Management, Iso 20000, It Strategy, Strategy, Infrastructure, Telecommunications, It Outsourcing, Program Management, Iso 27001, Business Development, Solution Architecture, Pmo, Pmi, Pmbok, Return On Investment, Payments, Project Management Body Of Knowledge, Project Management

Frequently Asked Questions about Clebert Duarte Mattos, Cisa, Cism

What company does Clebert Duarte Mattos, Cisa, Cism work for?

Clebert Duarte Mattos, Cisa, Cism works for Advantage Solutions.

What is Clebert Duarte Mattos, Cisa, Cism's role at the current company?

Clebert Duarte Mattos, Cisa, Cism's current role is Senior Director Cybersecurity Governance, Risk and Compliance.

What is Clebert Duarte Mattos, Cisa, Cism's email address?

Clebert Duarte Mattos, Cisa, Cism's email address is cl****@****cwc.com

What skills is Clebert Duarte Mattos, Cisa, Cism known for?

Clebert Duarte Mattos, Cisa, Cism has skills like Itil, Governance, Cobit, It Service Management, Service Management, Pre Sales, It Management, Iso 20000, It Strategy, Strategy, Infrastructure, Telecommunications.
