IT Expert - SAP Netweaver/Information Security/Project Manager

An accomplished Technology and security expert with 10+ years leading the design, development and implementation of high-performance technology and security solutions. Strong record of success in managing, supporting and implementing robust IT environments.
Proven consulting background, including working with C level executives, solid leadership skills and ability to bring the benefits of IT to solve business issues while delivering projects, applications and infrastructure to large corporations. Team leadership and presentation skills at executive management level.
Expert in multiple technology platforms and architectures and in integration and architecture related issues providing problem solving in several areas of IT.
+11 years of experience in Business/Technical Consulting and IT Management, with high expertise based on experience in the following companies: General Motors (auto), PETROBRAS (oil&gas), EDP Bandeirante, CPFL (Utilities), SYNGENTA, Monsanto (agri-business - biotechnology), Grupo Telefônica, TIM  and OI (Telecom), Ministerio de Hacienda de Panamá (Public Sector), Concremat (construction engineering), Natura (cosmetics) and TIVIT (Information Technology).
 
ACADEMIC PROFILE

• Bachelor’s degree in System and Automation Engineering from the FATEC/SP (2002)
• Partial Master Degree in Materials Science (USP – University of Sao Paulo) – (2002/2003)
• “Master Business Administration” degree from FIAP/SP (emphasis in Information Technology) - 2008
• Technical School at Instituto Federal de Educação, Ciência e Tecnologia de São Paulo (Web Technologies/Java) – 2014
• Post Graduate in Integrated Safety, Environmental and Quality Management System at SENAC/SP (2015-2016)

Bachelor’s degree in Environmental Management at University of Sao Paulo (USP) – 2016 – 2019 (expected)

BCD Travel – Corporate Analyst II - Provider of Global Corporate Travel Management  – 10/2014 – current
 
Responsible for Brazil Information Security Operations and recently acquired roles to BCD travel sites in Latin America

• Reporting directly to the Corporate Security Vice President in Atlanta, US:
• Ensuring unclassified and sensitive security information and areas are not compromised and are in full accord with all regulatory security requirements for such areas.
• Responsible for contributing to IT Security Governance company security Policies and Standards adhered to by the global company
• Put in charge of PCI (Payment Card Industry) compliance for systems that take credit cards for payment in a large range of applications and processes in Brazil, Costa Rica, Belgium and Mexico in a $10 million per year revenue market.
• Produced an independent working attitude providing support to Senior Executive
• Assists with the development and execution of security governance framework 
• Ensures strategic alignment of security program to business objectives  
• Drafts and develops briefs and business cases detailing information security actions.
• Identifies exposures and provides recommendations as well as handling IS Incidents (Malwares, SPAMs, viruses, vulnerabilities) across the globe and facilitates the creation of security policies, procedures, standards and guidelines.
• Develops, monitors and reports on security process effectiveness and reviewed documented, and tested Information Security controls for suitability 
• Understanding of data protection (Personal Identifiable Information – PPI) and laws when it comes to transferring of traveler data for 3rd parties, build and enhance existing fraud detection processes.
• Regular International exposure in United States and Germany;
• Established Security Committee offering ISO 27001-certification guidance, while working with external auditors and directing IT security audit procedural policies

Gruppo Energent– System Engineer – Empresa de TI Italiana – 08/2014 – 10/2014

• Desenvolveu propostas técnicas e estrategia de Vulnerability Assessment
• Criação de cenários de integração com Blue Coat (Proxy & Wan Optimizator) and appliance de rede (XML conversion and log reading).
• Acompanhamento da operação de segurança no SOC (Security Operations Center) da TIM;

 
EDP (Energias do Brasil) – Security Information Leader - Global Utility Company – 12/2013 – 05/2014
Developed and implemented information security policies and procedures as well as Providing Risk Management and mitigation recommendations for threats and vulnerabilities aiding the IT team to protect enterprise infrastructure, information and business continuity. Monthly reported to the CIO and Vps.
 

• Led the implementation of initiatives involving core security domains such as Identify and Access Management; Application and Data security; Infrastructure and Endpoint; SIEM and SAP GRC according to best practices like OWASP and ISO 27001;
• Introduced the Incident Management Process and Response Plan and Security Requirements Specification in the company and participated in the development of documentation of corporate-wide security policies and procedures;
• Risk assessments on proposed projects including the first SAP web-based interfaces with external providers (web services);
• Hands-on activities (OWASP tools, Nessus, common exploits in C, perl or python, reverse engineering of executables) to scan, detect and attack vulnerable targets and services and led the correction or fixing;
• Discovered more than 1000 vulnerable machines (Adobe Flash Zero-Day Exploit) and managed to fix all of them;
• Forensics methods to detect internal frauds. Discovery of how users performed frauds in SAP R/3 systems;
• Responsible to test, design the security requirements and infrastructure and put in production the first webservices (SAP-PI) between EDP and external providers (involved WSDL testing and invocation of SOAP Requests),

 
CSC – Computer Science Corporation - Privately Held; international company – Aug/2009 to Dec/2013
        Leader of Cloud Computing Solutions at CSC Brazil and Solution Architect for SalesForce.com projects and did some presales engagements. Worked throughout the entire SDLC, from gathering business requirements until the implementation, including workshops and integration with legacy systems.
        Lead Architect Salesforce.com for around 1500 licenses customers.

• SalesForce.com Technical Leader in Brazil - May/2012 to Dec/2013

Strategic

• Pre-sales activities for Monsanto, Syngenta, BASF and Concremat communicating the value of Salesforce.com\'s solutions (both functionally and technically) and performing POCs and workshops.
• Responsible for leading the design of technical solutions for SalesForce.com related projects and POCs including Mobile development and Managing SFDC related development teams in India, Europe and the US.
• Established the end-to-end strategy and soundness of the integrated technical solution and guiding technical architecture and business modeling in SalesForce.com solutions to Agribusiness companies for over 500 users.
• Engaged with client stakeholders to analyze business processes and functional requirements in the context of Salesforce.com

Tactical

• Supported and engaged with the development team during the build stage, working with the development team to drive out and capture detailed design;
• Setting technology architecture, security and systems integration using Web Services / SOAP, Development of APEX triggers, visual forces, customization and creation of objects as well as for communication services using Web Services (REST API) to companies in the construction and agribusiness segments.
• Facilitated and led group discussions of Sales Representatives to elicit requirements in business sessions.
• Strong Requirements gathering experience using JAD Sessions & Conducting User Interviews, and preparing functional documents like Use Cases, Software Requirements Specifications (SRS).
• Industrialize agile methodology for customer program through tools and fast deliveries.

• Project Manager and IT Specialist – Energias do Brasil - 03/2011 to 12/2011

• Responsible for successfully implementing a Printing Outsourced model, using centralized architecture, printing tracking process and security authentication model to users of more than 20 cities in Sao Paulo region. Also co-managed Telecom Management Project. Main Result: cost reduction around 40% in telecom expenses and decreasing of printing costs by around 50%. Project’s value: R$500K.

• IT Architect – VIVO (Telefonica Group) (08/2009 to 12/2009)

• Managed the implementation of a heterogeneous platform of SAP R3 (RED HAT Linux, Oracle Clustering, Oracle RAC 10.2.0.4 and SUN Solaris) in contrast of a homogeneous one:
  • Assisted the configuration of SAP NetWeaver for Oracle 10g Real Application Clusters Version 2008 and helped the team in performing Homogeneous System Copy of SAP ERP data.
  • Managed the conduction of interface tests, scripts and SAP business transactions. Main Result: more than 300 business processes tested and a heterogeneous platform up and running.

 
BearingPoint (formerly KPMG Consulting - Senior Consultant – Aug/2003 to Aug/2009
At this time I was rapidly promoted through roles as Consultant to Senior Consultant due many project management deliveries and improving overall security in VIVO. I contributed to some of the first security policies in the company and reduction of cloning and subscription fraud occurrences when they were still on the increase.

• Project Manager and Security Specialist – VIVO (Telefonica Group) - (02/2006 to 12/2008)

• Managed the operational fraud team of more than 30 professionals, to detect, investigate and resolve issues/concerns on customer-usage fraud or network abuse cases such as Subscription fraud, International High-usage Roaming, Premium Rate Services, International Call Bypass, and SMS fraud.
  • Represented VIVO in meetings with business clients and interconnect Carriers for discussing fraud security, billing/traffic settlement issues/concerns.
  • Main result: reduced cell phone cloning (CDMA) in about 90%, when cloning in Brazil market was still on the way (2005-2006). Project’s value: R$20MM
• Security Specialist for a Security Information based-project that handled internal vulnerabilities;
• Increased overall security of the main enterprise applications (SAP, BSS, OSS).

 
Hewlett-Packard Invent (HP) – Feb/2002 to Apr/2003

• Technical Support for corporate clients in Windows Server and HP-UX platforms and hardware devices (printers, plotter and PCs)
• Trained in IT high-complex environments (HP-UX 9000)

 
LANGUAGES

• Native Portuguese
• Fluent English
• Intermediate Spanish
• Basic Italian

 
LAST COURSES

• Malicious Software and its Underground Economy – University of London (May, 2014)
• Applied Physics and Statistics – MOOC at University of Sao Paulo (June, 2013)
•  What a Plant Knows (and other things you didn’t know about plants) -  Tel Aviv University on Coursera (dec, 2014)

 
INTERNATIONAL EXPERIENCE

• United States; Latin America (Equador, Colombia, Panama), Europe (Italy and Germany).

 
TECHNICAL SKILLS

• Project Management, IT Management, Risk Assessment, SDLC, TOGAF, AGILE, SCRUM
• Information Security expertise in application and infrastructure security architecture, design, and engineering using technologies, solutions, or frameworks inclusive of OWASP, SAML, firewalls, SSO, SAP GRC, IDM, data encryption, malware management, web content management, SEM, etc.
• Languages/Tools: C, x86, Reverse Engineering, Java, Python, PHP, Pearl, MS Visio, XML, Web Services, SOAP, Oauth, REST API, SAP ABAP and SAP NetWeaver Application Server.
• TCP/IP architecture, routing protocols and security and Hands-on Windows and Network Administration
• Modeling Techniques: Unified Model Language (UML), Rational Rose.
• Networking Applications: Socket Programming, Linux Shell and system programming
• Database Applications: Oracle, MS Access, MS SQL Server, MySQL, PL/SQL and Big Data (SAP) and ETL (Power Center and SAP BO).
• Software Modeling: Rational Rose, MS Project, MS Visio.
• Used to group work, good communication skills, Technical Report/Specification Writing, Group Work,
• SalesForce.com - API & Webservices, Data migration, Case Management & Knowledge, Territory Management,Complex sharing models and Customer Portal