• Hands-on executive, responsible for defining and delivering the Information Security Roadmap, which led to the achievement of the company's first SOC 2 Type II certification in June 2024.• Implemented key security controls and policies, such as: Artificial Intelligence (AI), Risk Management, Disaster Recovery, Cloud Security, Access Management, Role Based Access Controls (RBAC), Change Management, Software Development Lifecycle, Incident Response, Security Awareness Training, Vendor Management and Due Diligence, Vulnerability Management, Security Log Review and Endpoint Protection;• Implemented and streamlined IT Support and internal systems processes and established the IT budget.• Coordinated endpoint and perimeter security controls in the cloud (SecOps), working in close partnership with DevOps.

• Structured and implemented company-wide Information Security policies, procedures, and the Information Security Roadmap, while keeping the Risk and Control Matrix up to date.• Implemented key security controls such as Role-Based Access Control (RBAC), Data Loss Prevention (DLP), Device Trust, and Control Self Assessment, improving security posture.• Led the Security Awareness Program by developing targeted application security training for developers.• Served as the main point of contact for due diligence audits from financial institutions and external auditors, achieving zero gaps for two consecutive years (SOC 2 and Nacha).• Collaborated with the DevSecOps team on cloud platform security, vulnerability management, disaster recovery, and cloud Data Loss Prevention, and supported legal and business teams in reviewing agreements concerning data privacy and security.

• Specialist in Data Privacy (GDPR/LGPD) and CVM 88 (formerly CVM 588) Instruction based audits for investment fund electronic platforms.• Responsible for cybersecurity, risk management, audit/CAAT (Computer Assisted Audit Techniques), compliance and governance consulting services in the region.

• Implemented the Data Loss Prevention (DLP) Program across Latam, leading workshops, coordinating the DLP Steering Committee, and addressing information incidents, resulting in the program's global adoption due to its success in data protection.

• Led a team of 8 in Cyber Incident Response, Forensics, Brand Monitoring, and Data Loss Prevention, while managing contracts and budgets, and implementing global security initiatives like Full Packet Capture, Deception Grid, and SIEM.

• Led the Business Impact Analysis (BIA) for implementing the Disaster Recovery Plan (DRP) and Business Continuity Plan (BCP) across the company in Brazil.• Established fraud prevention strategies and coordinated incident response efforts, including equipment loss prevention and secure disposal, adhering to PCI standards.• Conducted application security risk assessments on critical business applications and performed in-depth risk evaluations for strategic projects.• Developed and implemented Information Security and Access Management policies, reviewed contracts for security clauses, and created a tool to streamline the inclusion of relevant clauses.

• Implemented global IT standards and internal controls, including DRP methodology, segregation of duties guidelines, and standards for change management, access control, and mobile devices, with materials shared across international institutions.• Coordinated and participated in information security incident investigations, improving incident response processes and reducing fraud risks.• Led efforts to mitigate Internal Audit and SOX issues, achieving an 80% reduction in findings in affiliated institutions in Brazil from 2011 to 2015.• Trained 100+ IT professionals in SOX, IT General Controls, and Risk Management, enhancing security awareness and strengthening IT security processes across institutions.

• Provided PMO and risk management consulting services in strategic projects at Oi Telecom and Vale.

• Managed a team of 10 and oversaw 50 engineering projects in a strategic Health, Safety and Environment (HSE) portfolio across 12 corporate areas of Petrobras.• Developed tools that reduced 40 hours of monthly reporting time, streamlining project tracking and risk management processes.• Successfully negotiated 360 additional consulting hours to enhance reporting capabilities and provide further advisory support in Petrobras.• Provided consulting for strategic risk management in high-impact projects, including a steel plant for Thyssenkrupp, contributing to the definition of test requirements for the Risk Management system.

• Provided SOX compliance advisory, including process mapping, systems audits, IT internal controls, and business process automated control testing, along with data analysis using Computer Assisted Audit Techniques (CAAT).• Coordinated and delivered on-the-job training for junior professionals.