GRC leader, responsible for maintenance of ISO 27001 certification; performing internal information security auditing using ISO 27001, CIS Controls and NIST frameworks; third-party risk assessment; development and review of policies, processes and procedures; review and respond to RFIs/RFPs and contracts; training on the governance, risks and compliance path for cybersecurity interns; incident handling; security awareness and skills training.

Responsible for developing and reviewing information security standards, policies and procedures; evaluate and validate action plans for information security; defining and monitoring information security requirements with the business areas; performing audits on information systems; assessing and monitoring the maturity level of information security processes; awareness training for employees regarding information security; managing and monitoring activities related to privacy, security and governance via OneTrust platform; maintenance of the cybersecurity program through third-party risk assessment and creation of a mitigation plan against cyber-attacks using the MITRE ATT&CK framework.

Responsible for supervising the Systems and Development teams. Conducted the feasibility study, integration and implementation of systems and services; creation, review and application of information security policies based on ISO 27001; configuration and maintenance of on-premises servers (Windows and Linux) and routers/switches (Mikrotik, Huawei, Cisco); training employees; assisting in the analysis and implementation of processes.