Perform the day-to-day activities of IT audit engagements based on ISO27001, and readiness assessments.
Evaluate the design and effectiveness of technology controls
Identifies and communicates IT audit findings.

GRC leader, responsible for maintenance of ISO 27001 certification; performing internal information security auditing using ISO 27001, CIS Controls and NIST frameworks; third-party risk assessment; development and review of policies, processes and procedures; review and respond to RFIs/RFPs and contracts; training on the governance, risks and compliance path for cybersecurity interns; incident handling; security awareness and skills training.

Responsible for developing and reviewing information security standards, policies and procedures; evaluate and validate action plans for information security; defining and monitoring information security requirements with the business areas; performing audits on information systems; assessing and monitoring the maturity level of information security processes; awareness training for employees regarding information security; managing and monitoring activities related to privacy, security and governance via OneTrust platform; maintenance of the cybersecurity program through third-party risk assessment and creation of a mitigation plan against cyber-attacks using the MITRE ATT&CK framework.

Responsible for supervising the Systems and Development teams. Conducted the feasibility study, integration and implementation of systems and services; creation, review and application of information security policies based on ISO 27001; configuration and maintenance of on-premises servers (Windows and Linux) and routers/switches (Mikrotik, Huawei, Cisco); training employees; assisting in the analysis and implementation of processes.