Information Security Manager with over 20 years of experience in the ICT area and strong technical background worked for both private and public sectors.
• Overall responsibility for technology risk management of a large public organization with +22k employees.
• Developed methodologies to perform risk assessment, risk reporting, business impact analysis, and risk maturity to improve systems and operational security.
• Conducted Threat modelling, risk Assessments and IT Security reviews to assess business and technology risks within the current operating model.
• Worked with business units to identify their perceived threats to the integrity, availability, and confidentiality of their information assets by conducting a Business Impact Analysis.
• Ensured privacy and policy standards were met according to compliance and regulatory guidelines for major clients, including ISO 27001, SOX, HIPPA, PCI DSS, among other security standards.
• Participation in controls audit, improving audit processes and gaps identification techniques resulting in reduce audit times by 30%.