In summary, responsibilities include: • getting processes and procedures compliant to security requirements. • performing risk assessment, internal controls, follow-up meetings;• managing security certifications (ISO27001, SOC2, ...); • audits;• providing counseling in regards to security compliance.

As member of the GRC team I was responsible for assessing the processes and controls regarding IT Security and provide guidance on compliance. My activities inclueded but were not limited to:• Assessing and auditing IT processes and controls based on CIS framework. • Presenting the results of the assessments to the clients and the Lead Team. • Monthly follow-up meetings.• Prioritizing critical controls and supporting the implementation of new ones arising from security incidents. • Perfoming audit tests in order to verify if the controls are compliant to policies and procedures. • Verifying controls are compliant to ISAE 3402 (SOC I).• Identifying gaps through documental analysis. Identificação de falhas, gaps nos controles e/ou processos através de análise documental.• Notifying critical CVEs reported by the Blue Team.• Facilitating the comunication between the customers and the other Security teams (Blue Team, Red Team, Csirt) for support and technical discussions. • Contacting providers for quotation of new tools and solutions and licenses acquisition. • Suppoting customers on subjects related to Compliance and process methodology. In this position I was also able to acquire some knowledge on Cloud Platforms (AWS, Azure).

As a Compliance Tester I performed audit assessment based on Alcoa ASAT (Alcoa Self-Assessment Tool) methodology for IT protocols for Alcoa entities across the globe. Focus in SOX requirements and COBIT best practices. My activities included but were not limited to: - Performing tests to verify controls and processes are compliant with the company's policies, procedures and standards (some of the subjects covered are: Change Management, Disaster Recovery Plans, Accounts Management, Password Policy, Customer Support, Data Privacy, Project Management, Scheduled jobs/Interfaces, Business Strategy and Governance, Contracts and SLA’s, Facilities access and security, Backups, ...)- Identifying and raising gaps/findings,- Monitoring and supporting the entities with their findings and action plans. - Weekly meetings with customers to align status and progress of testing and other topics related to work completion. August 2018: Special Auditor Program:I was invited to participate of an IT audit in one of Alcoa's plant, Warrick Operations, located in Newburgh, IN. I spent 2 weeks auditing IT processes and my focus was Change Management. October, 2019: ASAT Re-write Workshop (Phase 1) at Alcoa Corporate Center in Pittsburgh - PA:2 weeks workshop dedicated to reviewing and rewriting part of the IT protocols used for ASAT testing in order to update it and better align the requirements and assessments with COBIT best practices,