Cybersecurity Consultant

Candidate CV
Cybersecurity Consultant Summary

6+ years’ experience working on international and national IT Audit, Compliance, and Consulting projects, including SOx certification, ITGC, and implementation of and adequacy to COBIT 5, COBIT 2019, and NIST/Cybersecurity. Has also worked on GRC projects and adequacy to the ISO27001, ISO27002, and ISO27005 standards; mapping of Risks and Internal Controls for business and IT; evaluation of and adequacy to the data privacy laws of Brazil and Europe (LGPD and GDPR); SOC1 and SOC2 certification (ISAE3402); and adequacy to ISO31000 and ISO37301, for beverage, financial, banking, energy, automobile, e-commerce, and oil and gas companies.

Language Proficiency
  • Fluent English
  • Fluent Spanish
  • Native Portuguese

Cybersecurity Consultant

Jun 2022 – today

Cybersecurity Consultant Responsibilities:
  • Work on projects based on IT Audit, adequacy and Compliance with LGPD (Lei Geral de Proteção de Dados), mapping Risks and Internal Controls for IT, IT controls testing (ITGC), Data Protection Impact Assessment (DPIA), Information Security training/workshops, creation/review of Business Continuity Plans (BCP), Risk and Compliance (GRC) assessment, Information Security policies, Privacy Assessment, compliance with the ISO31000 standard, mapping controls based on the NIST Cybersecurity Framework, and control mappings based on the ISO27001 and ISO27002 standards.
  • These projects delivered value to the companies, such as a better structure of internal controls, more maturity in technology and governance processes, and greater protection and privacy of personal data.
Technologies and tools:

Tenable Nessus, KnowBe4, SIEM, IAM, SOC, DLP, Active Directory, AIP


Information Security Consultant

Dec 2021 – Jun 2022

Information Security Consultant Responsibilities:
  • IT Audit;
  • Implement and adapt to COBIT 5 and COBIT 2019.
  • ITGC (Information Technology General Controls).
  • Adequacy and Compliance with LGPD (Lei Geral de Proteção de Dados).
  • Revenue Assurance based on CAAT (Computer Assisted Audit Tools).
  • Mapping Risks and Internal Controls for IT and Business
  • Compliance with ISO31000 standard;
  • Mapping controls based on the NIST Cybersecurity framework.
  • Control mappings based on ISO27001 and ISO27002 standards

Technologies: COBIT, NIST Cybersecurity


Technology Risk Consultant

Oct 2021 – Dec 2021

Technology Risk Consultant Responsibilities:
  • SOx certification (Sarbanes-Oxley);
  • IT Audit;
  • IT Consulting;
  • IT Risk;
  • Implement and adapt to COBIT 5 and COBIT 2019.
  • ITGC (Information Technology General Controls).
  • Adequacy and Compliance with LGPD (Lei Geral de Proteção de Dados) and GDPR (General Data Protection Regulation);
  • CAAT (Computer Assisted Audit Tools) and JE (Journal Entries).
  • Certification and Compliance with SOC1 and SOC2 reports (Service Organization Controls | ISAE3402).
  • Risk Mapping and IT Internal Controls.
  • Certification and Compliance with the ISO31000 standard.
  • Mapping controls based on NIST framework; and
  • Control mappings based on ISO27001 and ISO27002 standards.
Technologies and tools:

CAAT, SIEM, IAM, SOC, DLP, Active Directory, AIP


Technology Risk Consultant

Oct 2020 – Oct 2021

Technology Risk Consultant Responsibilities:
  • SOx certification (Sarbanes-Oxley);
  • IT Audit;
  • Analyst IT Consulting, IT Risk.
  • Implement and adapt to COBIT 5 and COBIT 2019.
  • ITGC (Information Technology General Controls).
  • Adequacy and Compliance with LGPD (Lei Geral de Proteção de Dados) and GDPR (General Data Protection Regulation);
  • CAAT (Computer Assisted Audit Tools) and JE (Journal Entries)
  • Certification and Compliance with SOC1 and SOC2 reports (Service Organization Controls | ISAE3402).
  • Risk Mapping and IT Internal Controls.
  • Certification and Compliance with the ISO31000 standard.
  • Mapping controls based on the NIST framework.
  • Control mappings based on ISO27001 and ISO27002 standards.
Technologies and tools:

CAAT, SIEM, IAM, SOC, DLP, Active Directory, AIP
