Experience

CashMe

• Brazil
• Financial Services
• 200 - 300 Employee

• Information Security Specialist

  • May 2022 - Present

  I have been working in the development and operation, dealing with cybersecurity and regulatory compliance, and projects architecture. - Deployment Security controls on the Software Development Life Cycle (SDLC). - Development and implementation of an Enterprise Security Program. - Design solutions to network security to working with team leads, customers, engineers, and developers to appropriately translate functional needs into technical security requirements. - Development a shift left security mindset, making sure the DEVSECOPS process is effective, and the developers are being trained properly - Interface to assist development teams in identifying, developing, implementing, and maintaining security processes to reduce risks - Public Cloud security (Azure and AWS), Network Security ( WAF, DLP and CASB) - Policies, Processes and Procedures for Information Security, Risk, Privacy and Regulatory Compliance (LGPD), Lean and agile methodology. Show less



GFV Consultoria

• Brazil
• Computer and Network Security
• 1 - 100 Employee

• Information Security Specialist

  • Nov 2016 - Present

  Responsible to drive and execute projects in the following areas:. • Ethical hacking test (Infrastructure and applications). • Policies based on ISO27000. • Risk assessment. • Assist managers into IT security matters. • Support commercial team for customer’s proposals . • Information security awareness lectures. Responsible to drive and execute projects in the following areas:. • Ethical hacking test (Infrastructure and applications). • Policies based on ISO27000. • Risk assessment. • Assist managers into IT security matters. • Support commercial team for customer’s proposals . • Information security awareness lectures.



CALCARD ADMINISTRADORA DE CARTÕES LTDA.

• Brazil
• Financial Services
• 100 - 200 Employee

• Information Security Analyst

  • Sep 2019 - May 2022

  • Ethical Hacking Test for infrastructure and application. • Company's projects Advice on IT security. • information security policies, procedures and flows. • Cyber security projects such as vulnerabilities management and cyber security architecture. • LGPD project (GDPR). • Risk assessment (based on standards and regulations such as ISO27000 and PCI). • GAP analysis. • Information security projects advice. • Internal and third parties risk Assessment. • Design and support for instant card issuance solution (HSM, encryption, authentication, authorization and audit). Show less



Grupo Marista

• Brazil
• Non-profit Organizations
• 700 & Above Employee

• Cyber Security Specialist

  • May 2018 - May 2019

  • Responsible to conduct Ethical Hacking Test for infrastructure and application. • Company's projects Advice on IT security. • Write and drive RFP and projects for technology information security. • Cyber security projects as SOC and vulnerabilities management. • LGPD project (GDPR). • Risk assessment. • GAP analysis. • Information security projects advice. • Internal and third parties risk Assessment. • Responsible to conduct Ethical Hacking Test for infrastructure and application. • Company's projects Advice on IT security. • Write and drive RFP and projects for technology information security. • Cyber security projects as SOC and vulnerabilities management. • LGPD project (GDPR). • Risk assessment. • GAP analysis. • Information security projects advice. • Internal and third parties risk Assessment.



CEABS Serviços

• Brazil
• IT System Data Services
• 100 - 200 Employee

• Sr IT Security Analyst

  • Aug 2015 - Jul 2016

  • Responsible to writing policies and standards based on ISO 27000 for the company. • Responsible to performing security infrastructure testing to company assets. • Advice and support infrastructure and development team. • Assist managers in the IT security matters. • Security best practices evaluation and implementation for Active Directory and Linux environment. • Evaluation and support firewall environment. • Assistance and support internal and external audits requests. • Responsible to creating and implementing security awareness campaigns to the company. • Responsible for applying information security awareness lectures. Show less



Xmart Solutions

• Brazil
• IT Services and IT Consulting
• 1 - 100 Employee

• Senior IT Security Consultant

  • Jun 2012 - Jul 2015

  • Consultant in IT security projects, risk assessment, pen testing, vulnerability assessment and IT security consultancy to financial companies and government. • Responsible to implement and support the follow tools: - VAS (vulnerability assessment scanning) - IDG Entrust - Core impact (pen testing tool) - Security application testing tool (NTO). • Consultant in IT security projects, risk assessment, pen testing, vulnerability assessment and IT security consultancy to financial companies and government. • Responsible to implement and support the follow tools: - VAS (vulnerability assessment scanning) - IDG Entrust - Core impact (pen testing tool) - Security application testing tool (NTO).



HSBC

• United Kingdom
• Financial Services
• 700 & Above Employee

• Information security Team leader

  • Jul 2010 - May 2012

  • Responsible Leadership in projects and people. • Risk assessment, responsible to manage the pen testing and risk assessment team as well security consultancy to HSBC UK and Europe working in partnership with India. • Responsible to perform security application testing to UK and Europe offices to new and existing systems based on ISO 27000 and internal policies and regulatory. • Attended weekly basis meeting to discuss security assessment and testing matters. • Responsible Leadership in projects and people. • Risk assessment, responsible to manage the pen testing and risk assessment team as well security consultancy to HSBC UK and Europe working in partnership with India. • Responsible to perform security application testing to UK and Europe offices to new and existing systems based on ISO 27000 and internal policies and regulatory. • Attended weekly basis meeting to discuss security assessment and testing matters.



Itaú Unibanco

• Brazil
• Banking
• 700 & Above Employee

• Security analyst

  • Oct 2000 - Mar 2010

  • Leader in projects of hardening, intrusion detection and prevention and vulnerability management. • Responsible to lead penetration testing (infrastructure and application), training people in Brazil and international units, integrating sites such as Unibanco, Bank Boston and others, related on IT security topics. • Representative in matrix team (alongside business continuity, operational, application and infrastructure areas) to develop BCP solutions to Itau disaster recovery site in the security matters. • Representative in the PCI project certification to Redecard/Orbitall (Brazilian credit card company that belong Itau) deciding process, rules and policies involving firewalls, access control, data encryption, regular basis penetration testing, hardening (servers, databases, network devices as example) as well the responsible to answer the external auditors. • Representative to answer SOX (Sarbaney Oxley) audits related to penetration testing, hardening, SOC and vulnerabilities assessment e mitigation (I worked with the compliance staff advising and help them in the above matters). • I Audited external companies doing risk assessment where we have covered many items including physical and logical security based in SAS-70 and ISO 27000(I have participated writing processes and "how to" as well). • Responsible to write Itau covering PCI, SOX and local policies for international sites where they want to follow regional regulations (like Switzerland and Uruguay). • Performed forensic analysis preventing banking frauds. • Responsible to homologate and buy security tools to cover infrastructure, application and intrusion prevention systems. • Applied security awareness lectures to operational, applications and infrastructure teams. • Responsible to train SOC operational team . • Responsible to create the password management custody process to servers and database as example. • Responsible Leadership in projects and people. Show less



Banestado

• Curitiba Area, Brazil

• Support analyst

  • May 1993 - Oct 2000

  • Leadership in the projects for Microsoft platforms, such as SNA servers, IIS, Windows NT 4 and 2000. • Instructor of internal courses (Microsoft), administration of Novell, Unix and Microsoft network. • Cobol CICS developer (1995) • Cabletron and Cisco support. • Leadership in the projects for Microsoft platforms, such as SNA servers, IIS, Windows NT 4 and 2000. • Instructor of internal courses (Microsoft), administration of Novell, Unix and Microsoft network. • Cobol CICS developer (1995) • Cabletron and Cisco support.