Cybersecurity Consultant Summary
6+ years of experience on international and national IT Audit, Compliance,
and Consulting projects, including SOx certification, ITGC, and implementation
of and alignment with COBIT 5, COBIT 2019, and NIST/Cybersecurity.
Has also worked on GRC projects and alignment with the ISO27001, ISO27002, and
ISO27005 standards, mapping of business and IT risks and internal controls,
assessment of and alignment with the data privacy laws of Brazil and Europe
(LGPD and GDPR), SOC1 and SOC2 certification (ISAE3402), and alignment with
ISO31000 and ISO37301 at beverage, financial, banking, energy, automotive,
e-commerce, and oil and gas companies.
Language Proficiency
- Fluent English
- Fluent Spanish
- Native Portuguese
Cybersecurity Consultant
Jun 2022 – present
Cybersecurity Consultant Responsibilities:
- Work on projects covering IT audit, alignment and compliance with LGPD
(Lei Geral de Proteção de Dados), mapping of IT risks and internal controls,
IT controls testing (ITGC), Data Protection Impact Assessment (DPIA),
information security training and workshops, creation and review of Business
Continuity Plans (BCP), Risk and Compliance (GRC) assessment, information
security policies, privacy assessment, compliance with the ISO31000 standard,
control mapping based on the NIST Cybersecurity Framework, and control
mapping based on the ISO27001 and ISO27002 standards.
- These projects delivered value to the companies, such as a better
internal control structure, greater maturity in technology and governance
processes, and greater protection and privacy of personal data.
Technologies and tools:
Tenable Nessus, KnowBe4, SIEM, IAM, SOC, DLP, Active Directory, AIP
Information Security Consultant
Dec 2021 – Jun 2022
Information Security Consultant Responsibilities:
- IT Audit;
- Implement and adapt to COBIT 5 and COBIT 2019.
- ITGC (Information Technology General Controls).
- Alignment and compliance with LGPD (Lei Geral de Proteção de Dados).
- Revenue Assurance based on CAAT (Computer Assisted Audit Tools).
- Mapping Risks and Internal Controls for IT and Business
- Compliance with ISO31000 standard;
- Mapping controls based on the NIST Cybersecurity framework.
- Control mappings based on ISO27001 and ISO27002 standards
Technologies: COBIT, NIST Cybersecurity
Technology Risk Consultant
Oct 2021 – Dec 2021
Technology Risk Consultant Responsibilities:
- SOx certification (Sarbanes-Oxley);
- IT Audit;
- IT Consulting;
- IT Risk;
- Implement and adapt to COBIT 5 and COBIT 2019.
- ITGC (Information Technology General Controls).
- Alignment and compliance with LGPD (Lei Geral de Proteção de Dados) and
GDPR (General Data Protection Regulation);
- CAAT (Computer Assisted Audit Tools) and JE (Journal Entries).
- Certification and Compliance with SOC1 and SOC2 reports (Service
Organization Controls | ISAE3402).
- Risk Mapping and IT Internal Controls.
- Certification and Compliance with the ISO31000 standard.
- Mapping controls based on the NIST framework; and
- Control mappings based on ISO27001 and ISO27002 standards.
Technologies and tools:
CAAT, SIEM, IAM, SOC, DLP, Active Directory, AIP
Technology Risk Consultant
Oct 2020 – Oct 2021
Technology Risk Consultant Responsibilities:
- SOx certification (Sarbanes-Oxley);
- IT Audit;
- IT Consulting and IT Risk analyst.
- Implement and adapt to COBIT 5 and COBIT 2019.
- ITGC (Information Technology General Controls).
- Alignment and compliance with LGPD (Lei Geral de Proteção de Dados) and
GDPR (General Data Protection Regulation);
- CAAT (Computer Assisted Audit Tools) and JE (Journal Entries)
- Certification and Compliance with SOC1 and SOC2 reports (Service
Organization Controls | ISAE3402).
- Risk Mapping and IT Internal Controls.
- Certification and Compliance with the ISO31000 standard.
- Mapping controls based on the NIST framework.
- Control mappings based on ISO27001 and ISO27002 standards.
Technologies and tools:
CAAT, SIEM, IAM, SOC, DLP, Active Directory, AIP