Porto Metropolitan Area
Paulo likes to learn, to read and to talk to people, and as a result he has 5 academic titles: two technical degrees (network systems engineering and computer science), a postgraduate specialization, a master's degree and an MBA specialized in Economy and Finance, plus 3 professional certifications (COBIT, ISO27001LA and CISA). He has worked for more than 15 years (since 1998) in information security / cybersecurity areas and functions: as an auditor (internal and external), as an architect, in project management, in C-level advisory, as a consultant (systems, training and processes), as a European project researcher on Identity Management, and as an Oporto University Invited Professor. He has worked in several sectors: Financial Markets (Euronext), Finance and Banking (Banco BPI), Energy (EDP), Telecommunications (Vodafone), Portuguese Government and Retail (SONAE).
Interests in: Security, Internet of Things, Innovation, project management, consulting, projects integration, IT Security, CyberSecurity
Specializations: negotiation, market analysis, presentation, IT Governance
Cybersecurity governance, risk and compliance Data security governance
• Assisting with the strategic alignment of information security with the business strategy.
• Assisting with the implementation and maintenance of the Information Security Programme.
• Assisting with efforts to align internal security practices with industry best practices and security frameworks commensurate with strategy and the expectations of our clients and regulators.
• Assisting with risk assessments and the risk management process by executing appropriate measures to manage and mitigate risks, thus reducing the potential impact on information processing resources and assets.
• Ensuring the Information Security Risk register is up to date, tracked, and presented on a regular basis to management. Working through action plans to conclusion with all stakeholders.
• Assisting with audit activities, whether orchestrated internally or externally by a third party.
• Managing InfoSec engagement affairs and resource handling across the InfoSec team.
• Performance measurement by measuring, monitoring and reporting information security governance metrics to ensure that organisational objectives are achieved and evidenced.
• Assisting with compliance matters or conflicts of interest relating to communicated Policy, Standards, Procedures, and Guidelines.
• Managing the overall GRC state of all new projects and initiatives, including ownership of the In-Take process for the Information Security Department.
• Assisting in the drafting and preparation of departmental security document sets.
• Keeping track of policy and standards exceptions and the risks aligned to them.
• Keeping abreast of new risks and trends in the threat landscape that may need to be addressed within information security policies, procedures and standards.
• Exhibiting a broad knowledge of security compliance and auditing frameworks and applying those to formulate policies, procedures and standards.
• The delivery of security awareness
• The day-to-day management of two sub-divisional teams.
• Responsible for the security architecture and engineering current and future states at Euronext.
• Reviews and approves all proposed security solutions / designs.
• Provides guidance and steerage regarding security strategy and requirements.
• Creates and proposes standards and procedures in support of all policy controls and industry best practices.
• The management of the financial affairs of the division and assisting the CISO closely with budgetary matters.
• Performance measurement by measuring, monitoring and reporting information security metrics to ensure that organisational objectives are achieved and evidenced.
• The ability to translate business requirements into secure solutions aligned with strategy and risk appetite.
Provide assurance to the Board that IT risks are being properly managed:
- Assessing the capability of IT management and governance processes;
- Reviewing, analyzing and testing applications, infrastructure, processes and activities to determine that technology is resilient and controls are operating effectively;
- Making recommendations concerning the improvement of the control environment or the operation of controls;
- Follows up on audit findings to ensure that management has taken corrective action(s);
- Prepare reports and other technical information in a pertinent, concise, and accurate manner;
Work closely with the business to assist them in the definition of information systems control requirements.
Maintain an appropriate level of computer literacy and technology knowledge.
Retail.
Governance - COBIT 5
Information Security Management - ISO 27000, ISO 27001, PCI, NIST.
Senior Project Engineer
- Proposes clear and achievable project objectives that balance demands for quality, scope, time and cost
- Evaluates requirements and constraints for IT projects while balancing business requests and client expectations
- Manages projects in accordance with the internal project management framework and standard IT processes
- Finds and escalates all risks and issues in a timely manner
- Prepares regular and ad-hoc reports on progress, financial status, risks and issues
- Project planning, budgeting and tracking skills and a track record in using these successfully in a high-change, multi-project environment
- Program management related
- Budget, Suppliers negotiation
Telecommunications systems security auditor. Pentesting compliance controls with CIS