Risk Management Data Privacy

Location: Boca Raton, FL
Salary: 140000
Posted: April 16, 2025

Resume:

VIRIATO LEAO, CISA, CISM, CISSP

Boca Raton, FL 561-***-****

***********@*****.*** https://www.linkedin.com/in/viriatoleao/

Cybersecurity | Governance, Risk and Compliance | Data Privacy | IT Audit

Consummate IT professional who is passionate about Cybersecurity. Deep knowledge and proven experience in Corporate Cybersecurity Management, IT Governance, Risk and Compliance (GRC), and Data Privacy. Keen ability to establish key relationships and communicate effectively at all corporate levels. Exceptional critical thinking ability, curiosity, and a passion for learning and researching. A proven leader skilled at strategic planning with a strong commitment to deliver excellence.

Cybersecurity Risk Management

IT Change Management

Data Privacy analysis and mgmt.

Program Project Management

Third-Party Risk Management

Cybersecurity Threat Mgmt.

IT Audit Planning and Management

Vulnerability Management

IT Control Assessment

Security Architecture Design

Cloud Security Risk Review

Security Incident Management

HIPAA Compliance

SOX IT Audit

Application and Network Security

PCI DSS Certification

PROFESSIONAL EXPERIENCE

Education Sabbatical Break Jan 2024 – Dec 2024

I took a voluntary career hiatus to focus on my current Master of Science degree in Cybersecurity at Georgia Tech and to study for the US Privacy Certification exam at IAPP.

APEX / SANTANDER US, Miami, FL Oct 2023 – Dec 2023

Cloud Cybersecurity Risk Consultant – Contract

AWS Risks & Controls Review - Second Line of Support

Cybersecurity Risk analysis of the Bank’s platform migration to the AWS Cloud platform and identification/analysis of Cybersecurity risks.

TELEVISA-UNIVISION, Doral, FL Jan 2022 – Feb 2023

IT Governance, Risk and Compliance Senior Manager (GRC)

Televisa-Univision is a US/Mexican multimedia conglomerate, covering broadcasting in 29 countries.

Managed the Cybersecurity Vulnerability Assessment and Threat Management processes in partnership with the CISO and IT infrastructure teams, integrating the results with the Risk Management process.

Led the integration of the IT Governance processes for Univision and Televisa (400+ Policies, Standards, and Procedures).

Coordinated migration of the Televisa Univision IT platform to Google Cloud for the Cybersecurity domain.

Cybersecurity Risk Management and compliance attestation for administrative and financial systems running on the AWS cloud (EC2 – SaaS).

Chaired the Change Advisory Board (applications and Infrastructure).

Managed the 2022 SOX IT program and attestation for Televisa and Univision.

Managed the IT Compliance Self-Assessment program, performing over 1.4K tests in 2022.

Defined and implemented a new Cybersecurity Risk Management program for the US and Mexico subsidiaries, based on ISO and NIST frameworks.

Coordinated the review of SOC 1-2 reports from 12 critical vendors to support the Vendor Management program.

Reported GRC indicators directly to the IT Executive Committee and all constituents, providing rich, timely, and clear information.

CAPGEMINI – BUSINESS SERVICES, Pensacola, FL Oct 2018 – Jan 2022

Risk and Compliance Manager

Led the Cybersecurity Architecture and Risk & Compliance function for 22 large health insurance companies (Capgemini’s clients), with direct responsibility for their Information Security programs and 3rd Party Risk Management.

Managed the Cybersecurity Risk Management function for Capgemini’s Financial Services for the Americas, covering Cybersecurity risks in the domains of applications, networks, and infrastructure.

Coordinated the Change Advisory Board for Information Security matters.

Supported Cybersecurity compliance requirements from 21 health insurance customers, including coordination of external audits, HIPAA attestation, PCI DSS certification, SOC 1-2 reports, BCP, and Disaster Recovery (DR planning and tests).

Managed the annual review of InfoSec policies, procedures, and standards for the Americas.

Achieved/maintained industry certifications, such as ISO 27001, ISO 27701, ISO 22301 and PCI-DSS.

Led the architecture design function for Cybersecurity, with the involvement of application, network, and infrastructure teams. These included applications running in EC2 (AWS).

Defined and implemented the Privacy Program for the Americas, in compliance with ISO 27701 and GDPR regulations. The implementation was successfully certified by an external audit company.

Led the Security Incident Response Team.

EIS GROUP, San Francisco, CA April 2014 – Jan 2018

Delivery Director for Latin America

Led the company startup in Latin America.

Managed the relationship with our customers in Latin America to ensure platform compliance with their legal and institutional regulations, policies, and standards.

Established partnerships with consulting firms in Latin America, including Cognizant and IBM.

Risk and threat management for our Latin American customers.

Managed the sales and pre-sales activities in Latin America.

eBaoTech, Shanghai, China April 2010 – Apr 2014

Delivery Director for the Americas

Managed customization of the eBaoTech insurance suite for the Latin American market.

Implemented the enterprise solution in 3 global insurance companies.

Established a successful partnership with IBM in Latin America.

Managed the sales and pre-sales activities in Latin America.

ASSURANT, Miami, FL April 2008 – Jan 2010

CIO, IT International

Managed a global team of 200+ resources located in the US, Canada, Latin America, Europe, and Asia.

Oversaw IT governance, IT Risk and Compliance, Cybersecurity, strategic planning, application development, and data center operations.

Consolidated 2 regional data center hubs (Ireland and Argentina) into the USA, achieving relevant savings and major quality improvements.

Consolidated insurance applications into a global platform.

CITIBANK, Fort Lauderdale, FL May 2002 – Jan 2008

Audit and Risk Review Director

Global liaison for 49 auditors located in the USA, Latin America, Europe, and Asia, covering business applications, end-user computing, information security, operations and business continuity.

Developed and implemented a risk-based methodology for business application reviews, which streamlined the coverage of over 3,500 corporate applications.

Lead auditor for Technology Infrastructure entities covering multiple complex platforms (Mainframe, AS400, Oracle, DB2, Win-SQL, UNIX, LAN, WAN and Voice).

Coordinated the audit plans for the technology entities in Latin America (16 countries).

RELEVANT EDUCATION & CERTIFICATIONS

Bachelor of Science (BS), Accounting, University of Phoenix, Phoenix, AZ

Bachelor of Science (BS), Industrial Engineering, Universidade Federal do Rio de Janeiro, RJ, Brazil

Application Design (Graduate Extension) - Pontificia Universidade Catolica do Rio de Janeiro, RJ, Brazil

MSc Cybersecurity (Ongoing) - Georgia Institute of Technology, Atlanta, GA (to be concluded in 2025)

CISSP – Certified Information Systems Security Professional – ISC2, 2023

CISA – Certified Information Systems Auditor – ISACA, 2018

CISM – Certified Information Security Manager – ISACA, 2016

CPSP - Certified Payment Security Practitioner (PCI-DSS) – Network Intelligence, 2021

CPFA - Certified Professional Forensic Analyst – Network Intelligence, 2021

CWASP - Certified Professional WEB Application Security Professional – Network Intelligence, 2020

SCCP - Certified Secure Cloud Professional – Network Intelligence, 2021

Privacy for Professionals – Georgia Tech / IAPP, 2024


