Paulo Carvalho Martins

CEO Euronext technologies PT & Group CISO at Euronext & Board Member at Euronext Lisbon

Porto Metropolitan Area

About

Paulo likes to learn, to read and to talk to people, and as a result he has 5 academic titles: two technical degrees (network systems engineering and computer science), a postgraduate specialization, a master's degree and an MBA specialized in Economics and Finance, and 3 professional certifications (COBIT, ISO27001LA and CISA). He has worked for more than 15 years (since 1998) in information security / cybersecurity areas and functions: as an auditor (internal and external), as an architect, in project management, in C-level advisory, and as a consultant (systems, training and processes), European project researcher on Identity Management, and Oporto University Invited Professor. He has worked in several sectors: Financial Markets (Euronext), Finance and Banking (Banco BPI), Energy (EDP), Telecommunications (Vodafone), Portuguese Government and Retail (SONAE).

Interests in: Security, Internet of Things, Innovation, project management, consulting, projects integration, IT Security, CyberSecurity

Specializations: negotiation, market analysis, presentation, IT Governance

Experience

  • Euronext (5 yrs 6 mos)
    • Euronext Lisbon - Board Member
      Jan 2026 - Present · 7 mos

    • CEO Euronext technologies PT
      Jul 2022 - Present · 4 yrs 1 mo

    • CISO
      Feb 2021 - Present · 5 yrs 6 mos

  • Euronext (3 yrs 2 mos)
    • Deputy Chief Information Security Officer (Deputy CISO)
      Oct 2019 - 2020 · 4 mos

    • Head Of Information Technology, Cybersecurity Governance Risk and Compliance
      Jan 2018 - Oct 2019 · 1 yr 10 mos

      Cybersecurity governance, risk and compliance
      Data security governance
      • Assisting with the strategic alignment of information security with the business strategy.
      • Assisting with the implementation and maintenance of the Information Security Programme.
      • Assisting with efforts to align internal security practices with industry best practices and security frameworks commensurate with strategy and the expectations of our clients and regulators.
      • Assisting with risk assessments and the risk management process by executing appropriate measures to manage and mitigate risks thus reducing the potential impact on information processing resources and assets.
      • Ensure the Information Security Risk register is up to date, tracked, and presented on a regular basis to management. Working through action plans to conclusion with all stakeholders.
      • Assisting with audit activities whether orchestrated internally or externally by a third party.
      • Managing InfoSec engagement affairs and resource handling across the InfoSec team.
      • Performance measurement by measuring, monitoring and reporting information security governance metrics to ensure that organisational objectives are achieved and evidenced.
      • Assisting with compliance matters or conflicts of interest relating to communicated Policy, Standards, Procedures, and Guidelines.
      • Managing the overall GRC state of all new projects and initiatives, including ownership of the In-Take process for the Information Security Department.
      • Assisting in the drafting and preparation of departmental security document sets.
      • Keeping track of policy and standards exceptions and the risks aligned to them.
      • Keep abreast of new risks and trends in the threat landscape that may need to be addressed within information security policies, procedures and standards.
      • Exhibit a broad knowledge of security compliance and auditing frameworks and apply those to formulate policies, procedures and standards.
      • The delivery of security awareness

    • Head of Cyber Security Architecture
      Feb 2017 - Dec 2017 · 11 mos

      • The day to day management of two sub-divisional teams.
      • Responsible for the security architecture and engineering current and future states at Euronext.
      • Reviews and approves all proposed security solutions / designs.
      • Provides guidance and steerage regarding security strategy and requirements.
      • Creates and proposes standards and procedures in support of all policy controls and industry best practices.
      • The management of the financial affairs of the division and assisting the CISO closely with budgetary matters.
      • Performance measurement by measuring, monitoring and reporting information security metrics to ensure that organisational objectives are achieved and evidenced.
      • The ability to translate business requirements into secure solutions aligned with strategy and risk appetite.

  • Information Systems Auditor at Sonae
    Sep 2011 - Nov 2016 · 5 yrs 3 mos

    Provide assurance to the Board that IT risks are being properly managed:
    - Assessing the capability of IT management and governance processes;
    - Reviewing, analyzing and testing applications, infrastructure, processes and activities to determine that technology is resilient and controls are operating effectively;
    - Making recommendations concerning the improvement of the control environment or the operation of controls;
    - Follows up on audit findings to ensure that management has taken corrective action(s);
    - Prepare reports and other technical information in a pertinent, concise, and accurate manner;

    Work closely with the business to assist them in the definition of information systems control requirements.
    Maintain an appropriate level of computer literacy and technology knowledge.

    Retail.
    Governance - COBIT 5
    Information Security Management - ISO 27000, ISO 27001, PCI, NIST.

  • Senior Project Engineer at Critical Software
    Dec 2008 - Sep 2011 · 2 yrs 10 mos

    Senior Project Engineer
    - Proposes clear and achievable project objectives that balance demands for quality, scope, time and cost
    - Evaluates requirements and constraints for IT projects while balancing business requests and client expectations
    - Manage projects in accordance with the internal project management framework and standard IT processes
    - Finds and escalates all risks and issues in a timely manner
    - Prepares regular and ad-hoc reports on progress, financial status, risks and issues
    - Project planning, budgeting and tracking skills and a track record in using these successfully in a high-change, multi-project environment
    - Program management related
    - Budget, Suppliers negotiation

  • Senior IT Auditor - Telecommunications Systems Security at Vodafone Portugal
    2011 - 2011 · Less than a year

    Telecommunications systems security auditor. Pentesting compliance controls with CIS