Information Security Services Architect Resume
SUMMARY
Academic background: M.Sc. degree in Information Security Management at the Department of Electrical Engineering
Current position: Information Security Services Architect
Company: Confidential, Brazil
Period: since June, 2010
Main activities:
- Member of the Solution Design Center of Excellence (SDCoE) team. Responsible for the solution design of complex InfoSec projects involving both IBM and its partners' products in professional and managed InfoSec services solutions for large customers.
- Granted the Creating the future of IBM Award, for being the architect in charge of the technical proposal for a large GTP firewall implementation (US$ 5M deal) for VIVO (mobile communications company in Brazil).
Previous position: IT Risk Advisory Services Manager
Company: Confidential
Period: October, 2009 to May, 2010
Main activities:
- Leadership of IT Advisory projects. Main topics of such projects include: IT management effectiveness, focusing on IT management and governance best practices (ISO 20000, ISO 27001, COBIT, ITIL, BS 25999, Val IT); definition of metrics and measurements for managing IT processes; IT risk assessment (based on ISO 27002); establishment and revision of business continuity plans; IT strategic planning. Major clients: Serasa Experian, Redecard, Microsoft, CCEE.
Previous position: Information Security and Business Continuity Manager
Company: Confidential
Period: February, 2006 to October, 2009
Main activities:
- Leadership of the Information Security and Business Continuity Committee.
- Definition of efficiency and efficacy metrics for the ISMS in place. Monthly assessment of the metrics defined and follow-up audits of action plans created to minimize deviations.
- Steering of the ISO 27001 certified ISMS (Information Security Management System), in all its disciplines: corporate information security policy definition, new technologies adoption, information security awareness plans, information security incident response.
- Leadership of internal information security and IT management compliance projects, adjusting processes to achieve compliance (ISO 20000, ISO 27001, SAS 70, PCI) in several departments of the company, including: IT, Legal, Human Resources, Asset Management, Physical Security, Facilities.
- Responsible for IT risk and business continuity management for the ITO Business Unit (IT Outsourcing BU), supporting complex IT environments such as those of the following companies: Fidelity, Visanet, VM&B, Votorantim Industrial Group, and others, publicly known.
- Broad experience in the deployment of centralized authentication solutions (Cisco ACS, Microsoft Active Directory, LDAP), proxies and content inspection solutions (ISA Server, SurfControl, WebSense), firewalls (Checkpoint Firewall-1, iptables), intrusion detection/prevention solutions (ISS SiteProtector), Data Loss Prevention solutions (Vontu), and vulnerability assessment tools (Nessus, ISS Internet Scanner, and others).
- Commercial relationship management with major information security solutions providers: Checkpoint Software (development of the partnership that made TIVIT a CCSP), Nokia, Trend Micro, Symantec.
- Team building: team of 12 direct reports.
- Main challenges and accomplishments:
  - ISO 20000 certification in 2009.
  - Definition of roles and security controls for the corporate SAP ERP and satellite systems (Microsiga, Microsoft Dynamics).
  - ISO 27001 certification in 2006.
  - Establishment of a BS 25999 compliant business continuity management framework.
  - SAS 70 compliance, with Type 2 report issued without exceptions.
  - Establishment of the TIVIT CSIRT (Computer Security Incident Response Team), a member of national and international initiatives such as the HoneyNet Project and iNOC.
  - Deployment of the CA ILM (Identity Lifecycle Management), integrating and automating the corporate logical access management process.
Position: Information Security Coordinator
Company: Confidential, SA
Period: from September, 2005 to January, 2006
Main activities:
- Initially invited to create an information security organization at Braskem. Responsible for the definition of corporate security policy and information security strategic planning according to applicable best practices.
- Definition, documentation and oversight of the implementation of IT controls focusing on Sarbanes-Oxley compliance. Primary focus on SAP security and SoD controls.
- Management of the information security services providers (operation and management of firewalls, IDS, network security configuration, independent vulnerability assessment). Main contracts: Checkpoint, Trend Micro, Microsoft, Unitech, Compugraf, F9C, NetSecurity, SecurityWeb.
Previous position: Information Security Specialist
Company: Confidential, Brazil
Period: from September, 2000 to August, 2005
Main activities:
- Design of information security solutions involving "best-of-breed" products for customers and the internal infrastructure of Optiglobe. Extensive experience with Checkpoint, ISS, and Symantec products. Deep knowledge of secure configuration of operating systems and networking equipment.
- Composition of information security configuration baselines applied to all systems in production at Optiglobe (including Windows and *nix operating systems and Cisco networking equipment).
- Extensive experience in information security incident response.
Previous position: Information Security Senior Consultant
Company: Confidential, Brazil
Period: from May to August of 2000
Main activities:
- Senior Information Security Consultant responsible for projects such as: implementation of ISS (currently an IBM division) products, information security assessments and architecture reviews.
