IT Risk & Governance Specialist

Trusted advisor for enterprise risk, security, and IT strategy

Deep proficiency in COBIT, ITIL, ISO 27001/27002, NIST CSF, LGPD, GDPR, and SOX.
Led ISO 27001 ISMS implementation: achieved organizational certification; 40% reduction in audit non-conformities.
Pioneered ISO 27005 risk methods: quantified security investments via technical-to-business financial translation.
Built automated GRC dashboards; unified disparate compliance/risk signals into a real-time posture.
Driven Security & Privacy Culture: led "Security by Design" training, embedded privacy across teams.

Cyber Defense Analyst

Proficient in SIEM, EDR/XDR, Vulnerability Management; expert with MITRE ATT&CK.
Re-architected SIEM detections: cut MTTD by 60%, reduced false positives by 75%.
Technical lead for ransomware and BEC response: minimal business impact.
Automated vulnerability management: shrank external attack surface by 45%.
Built/Deployed SOAR playbooks: freed analyst time for proactive detection.

Mastery of PMBOK/Agile/Scrum/Hybrid (Jira/MS Project). Portfolio (PPM) & C-level reporting expert.
Global CRM project: delivered 15% under budget, 25% sales lift.
Built corporate PMO: improved portfolio accuracy/visibility by 40%.
Turned around at-risk project: negotiated scope, restored sponsor confidence.
Developed value scorecard for portfolio: aligned investments to ROI/risk/strategy.

Skilled in COBIT/ISO 27001/SOX/GDPR audits. ITGC test and risk assessment expert.
Led SOX compliance audits: 100% success, zero critical external findings.
Secured AWS/Azure via ISO audits: hardened security posture.
Automated audit sampling: 100% log review, greater coverage/exception detection.
Reduced post-implementation audit findings by 50% as project advisor.