Conducted comprehensive information security framework and regulatory assessments, ensuring compliance with applicable federal and industry regulations. Led the security controls process, providing valuable recommendations for control procedures and mapping controls to security requirements. Developed and implemented a comprehensive control library, promoting efficient and effective security measures. Actively participated in the risk assessment process, evaluating and addressing cyber-related risks to safeguard organizational assets. Deployed, configured, and maintained state-of-the-art vulnerability scanning solutions, adhering to industry best practices and organizational requirements. Collaborated closely with IT and security teams to design and maintain vulnerability management policies and processes. Analyzed vulnerability scan results to identify critical issues, prioritizing remediation efforts for timely resolution. Fostered a culture of information security awareness by promoting best practices and ensuring compliance with company information security policies and standards. Demonstrated a strong commitment to continuous improvement and professional growth within the information security field.

As an external consultant, I established relationships with companies and clients, interpreted and applied standards, policies, best practices, and analyzed threats and vulnerabilities, and designed the system security strategy and architecture. Led team integration and promoted the use of security requirements for the system development lifecycle across multiple IT projects. Analyzed data security controls to identify weaknesses and designed strategies to address gaps and compliance with ISO 27000, PCI DSS standards as a basis for risk management assessment. Design and implement guidelines to develop secure software under agile methodologies, database monitoring, and data encryption. Implement security education and awareness plans. Execution of technological evaluations of processes, suppliers, and services. As well as evaluating contracts, SLA's, and SOW's to derive the best value proposition. Review of business continuity and disaster recovery plans, addressing critical short-term and long-term business requirements.

As an Information Security Officer (ISO), I provide the vision and strategies necessary to guarantee the confidentiality, integrity, and availability of the bank's electronic information by communicating the risk to senior management, creating and maintaining enforceable policies and support processes, and ensuring compliance with regulatory requirements, including networking and firewall management. This involves coordinating activities with other departments, such as evaluating, acquiring, and deploying security-related products (e.g., intrusion detection systems, SIEM solutions), and developing and coordinating information security awareness and education programs. Additionally, I manage information system regulatory compliance to meet updated guidelines, ensure that disaster recovery and incident response plans exist throughout the bank's systems, and conduct regular testing and updates to these plans.IT Manager (Additional Functions Since 2015). Lead the IT department with a focus on project management and organizational planning. Maintain platforms, manage provider contracts, and negotiate supplier service level agreements.

Lead and coordinate efforts in the prevention of electronic fraud. Establish and apply regulatory information security procedures of regulators and best practices. Coordinate preventive audits and penetration tests on the platform. Select, evaluate, install and certify the tools and/or devices of Computer Security (Firewall, IDS, VPN, Antivirus, Content Filters, Domain Controllers, etc.] Establish procedures for the protection of data transmitted over the network, through encryption techniques in equipment and applications.