Grupo Financiero Banorte

Responsible for the delivery and implementation of security controls for the following services for the Gentera group• Servers: Wintel, Linux, AIX, Vmware• Telecommunications: LAN, WAN, Wireless, Voice.• Databases: Sql, Oracle, DB2.• Middleware: WAS, Weblogic, IIS, Weblogic.• Security Systems (Firewall, VPN, Web Content Filtering, AntiSpam, Web ApplicationFirewall, Application Firewall, Data Loss Prevention, Antivirus, PGP, Encryption of End Points, Hardening of platforms, CyberArk, Monitoring of penetration tests and vulnerability analysis, patch management)• Access management: Applications and infrastructure.• Audit: Follow up to all internal requirements of Information Security, Internal IT Control, Internal / External Audit.• Supplier management, Contracts, SLAS.• Budget management• Participation in risk committees and audits.• Monitoring for the execution and testing of the disaster prevention plan (DRP)• Implementation and updating of security policies. (Authentication, Encryption, Information Exchange, Systems Assurance - Hardening, Use of electronic media)

Responsible for Information Security and Business Continuity Areas, attending large Government Contract.Information SecurityDevelop and Implementation of Annual Security program for:Operation Services:Firewall, VPN, IPS, DDoS, AntiSpam, WebFiltering, Web Application Firewall, DataBase Firewall.Consulting Services:Vulnerability Management, Penetration Testing and Infrastructure HardeningBusiness ContinuityDevelop and Implementation of BCP / DRP Methodology Based on ISO22301Business Impact AnalysisRisk Analysis Recovery StrategiesCrisis Management PlansRecovery PlansTraining and test planWorking together with Applications, Infrastructure, Telecomm and Business areas in order to get a successful in DRP executions.Incident and Customer Management, responsible for SLA, Audit and Contract Compliance.

Information Security Risk / Manager at Application Security• Generate a plan to perform a Full Security Risk Assessment for all the critical applications of the finance institution. Project management.o Certify the compliance with all the local and global standards o Sarbanes Oxley o Local Bank Regulation for Electronic Media Applications (Personal Internet Banking, ATM, Mobile Banking and Point of Sale) o PCI DSS (Payment Card Industry – Data Security Standard) o Federal Law for data privacy • Attention and follow up for local and global Audits.• Risk management, follow up with technical and business areas to generate remediation plans and risk acceptance.• Participation in global committees and forums about security application.• Communication between Risk and business areas.• Incident management for application security issues.• Design, validation and implementation security standards.• Implementation of a Risk Governance process between the Software Delivery, IT Operations and Business areas in order to establish the methodology to attend and remediate the plans according to the impact level and information classification, this process helps to reduce the times and costs of risk mitigation projects.

IT Deputy Director• Development and implementation the IT and Security Strategy• In charge of the development project for a Quote and administration system. Implementation of the following modules:o User administration o Authenticationo Data Input Validation and security controls• Design and implementation of regulatory and compliance controls• Budget management• ITIL V3 Implementationo Service level agreements generation for all the main processes of the area. o Manual process automation.

Descripción de actividades:• Desarrollo de funciones como Gerente de Operaciones. Área de Seguridad Informática• Administrar personal, generar planes de trabajo.• Administración y trato con proveedores, para adquisición y manejo de distribuciones.• Respuesta a Licitaciones/RFP• Trato directo con el cliente para seguimiento de cuentas.• Búsqueda de nuevos proyectos.• Coordinación e implementación de proyectos:o Deep Packet Inspectiono Cifrado de Voz y Datoso Hardening de infraestructurao Auto Configuration Servero Inteligencia Artificial y video Analiticoo Plataforma Fotigate-Fortinet y Radwareo Sky FiberUbicación del proyecto: México DF.Otros: Seguridad de la Información, Administración de proyectos, Administración de personal, Implementación y desarrollo de producto.