Collaborated closely with CISOs across diverse industries, including Retail, Gas & Power, Media, Tech Giants and Safety Organizations, showcasing adaptability in tailoring security strategies to varying contexts while adhering to stringent financial constraints.Played a pivotal role in a critical corporate demerger scenario, devising an all-encompassing security strategy that seamlessly aligned with the restructuring plan. This strategic roadmap ensured the transition of security measures and controls, adeptly navigating the complexities of budget considerations. Led the thorough review and reallocation of budget allocation for security initiatives, identifying and capitalizing on cost-saving opportunities, and optimizing resource allocation. This meticulous approach successfully heightened security measures while streamlining expenditure.Formulated a robust cybersecurity framework seamlessly aligned with business objectives and industry standards. Oversaw the refinement and development of policies and standards firmly grounded within this framework, fostering a resilient security posture. Initiated the establishment of a comprehensive cybersecurity risk management framework. This encompassed the creation of a thorough risk register and the initiation of risk quantification efforts, empowering strategic decision-making with a keen eye on potential financial impacts.Accomplished a significant milestone through security tool rationalization, effectively identifying redundant technologies. This endeavor led to substantial cost reduction, exceeding $1 million in annual contract expenses. (For an organization with $4 million in cyber tool budget)

Responsible for orchestrating collaborative efforts across diverse business units to execute the Information Security and Privacy strategy defined by the CISO. Developed and implemented Key Performance Indicators (KPIs) and Key Risk Indicators (KRIs) for Information Security, delivering comprehensive bi-weekly reports to senior management and executives. Led and mentored a team of security professionals, elevating their performance and skill sets. Continuously evaluated and refined the organization's security stance, driving executive consensus and overseeing the implementation of risk-aligned security measures. Identified and capitalized on cost reduction opportunities by strategically outsourcing Third Party Risk Assessment and Security Awareness Training. Pioneered the integration of cutting-edge security technologies and techniques, enhancing security capabilities and resilience. Championed the infusion of security into the Agile Software Development Lifecycle and CI/CD processes, introducing SAST, SCA, and DAST tools for ongoing monitoring. Provided strategic technical direction to security managers in alignment with business and security strategies. Steered a remote, diverse team through the COVID-19 crisis, launching "Wellness Wednesdays" to prioritize employee health and morale. Cultivated a culture of positive leadership, motivation, and peer support, fostering an environment of continuous excellence.Laureate is a multi-billion dollar publicly traded company that provides global access to high-quality education and degree programs. Laureate's longstanding commitment to operating with purpose is evidenced by their status as one of the world’s largest Certified B Corporations® and the first Public Benefit Corporation publicly listed on any stock exchange in the world.

Led the enhancement of the Third Party Risk Management (TPRM) program, integrating Quantitative Risk Assessment alongside Qualitative Risk Assessments. Actively represented the Information Security Department at IT Architecture Board Meetings and played a pivotal role as the Security Point of Contact (POC) during SCRUM sessions. Orchestrated the development and oversight of the Enterprise Vulnerability Management program, introducing a streamlined process to document and communicate risks to business stakeholders effectively.Initiated and guided the Security Awareness team, overseeing continuous training initiatives and implementing rigorous phishing simulations. Achieved an impressive 99% training completion rate among employees. Held accountability for team members' career growth, overseeing quarterly performance reviews, and judiciously allocating bonuses in alignment with achievements and contributions.

Created and implemented a comprehensive suite of Information Security Policies, Standards, Procedures, and Guidelines, ensuring strict adherence to industry benchmarks including ISO27002, NIST800-53, HIPAA, GDPR, LGPD, PCI-DSS, and CCPA regulations. Successfully launched an organization-wide Security Awareness Training initiative for a diverse workforce of over 40,000 employees, achieving an impressive 60% reduction in click rates for phishing incidents within a year of launch.Pioneered the establishment of a global Multi-Factor Authentication (MFA) program at Laureate, collaborating seamlessly with diverse regions including Brazil, Mexico, Europe, and Peru for a phased rollout. Led a multinational team of four, overseeing comprehensive training, communication, and customer satisfaction efforts. Additionally, formulated and introduced a robust Secure Software Development Lifecycle (SDLC) program, providing essential training to developers on secure coding principles and best practices.