Software Engineering Security Officer

Mauro Velazco

****.****@*****.***

Phone: +34-662-******

Extract

Performance-driven Architecture with 21 years of experience in the design, development, and management of complex computer systems. Strong background in Digital Banking, Retail, Public and Telecom sector. Implementing and supporting complex infra. Drive technological advancements and strategic direction in the highest level of several organizations. Tech Leadership in Software Engineering management, Network Security, System Architecture, AI, SAP Security and Cloud. Enterprise Architect experienced with providing Executive level support. Work Experience

Dec 2024 – Current…

Global Infra&Ops Security Officer

Holcim; Spain.

Delivery of point services such as vulnerability assessments, project risk assessments, vendor assessments.

Ensure that policy compliance is appropriate to the organizational and Business Unit’s level of risk acceptance.

Developing and implementing an information security strategy, measures to prevent cyberattacks.

Customize roles to match specific needs and responsibilities within an organization in SentinelOne.

Provides comprehensive visibility and protection across diverse cloud environments using Wiz platform.

Use Wiz to build an up-to-date representation of cloud setup across network, compute, application & vulnerabilities.

Management and evolution of Security strategy, and related processes and tools, for SAP Platform team.

Develops and implements robust Business Continuity strategies to ensure the resilience of critical business operations.

Defining and maintaining policies and documentation regarding security programs.

Evaluate segregation of duties controls to accommodate new business processes and transactions introduced by S/4.

Best practices to refine team structures, culminating in how SentinelOne fortifies enterprise-wide security initiatives.

Work closely with other high-level executives to develop all-encompassing security strategies.

Manage specific security services, including web protection, Certificate Services, Privileged Access.

Oversee the administration and management of SAP security, ensuring the effective execution.

Lead Support and maintain all production, test and development infrastructure, systems and software.

Conducts routine testing and simulations to assess the efficacy of Business Continuity plans.

Provide technical guidance to SOC managers about supervising the security operations team.

Ensuring data protection, securing assets and infrastructure, and selecting effective IT security measures.

Works with purchasing in selecting and auditing vendors or subcontractors. May 2024 – Nov 2024…

Customer Landscape Architect

Atos; Spain.

Steer architecture decisions within the design and architecture review process.

Discovering and implementing new technologies that yield competitive advantage.

Collaborate with other department heads to ensure architectural alignment with business objectives.

Lead on the development and delivery of the Architecture plan across the county global services.

Refining strategies as needed to strengthen the organization's resilience.

Define capability and systems roadmap and key architectural trade-offs across multi-client customers.

Evaluate and select appropriate software or hardware and suggest integration methods.

Identify the essential business functions, determine the critical systems and processes that must remain operational.

Determine security protocols based on business strategies and requirements.

Identifying security risks and gaps in IT systems to create a risk management plan.

Assess and mitigate authorization risks while ensuring proper assignment throughout the SAP user lifecycle.

Prepare and present project reports and updates to clients and senior management.

Defines and maintains security policies and procedures that are aligned to industry best practices.

Responsible for reviewing the project specification under the direction of the Lead and Design Architect.

Define technology architecture principles to provide guidance to the technology architecture.

Provides engineering level expertise for Infrastructure Engineering, Implementation and Support.

Provide strategic leadership and expert consulting on SAP S/4HANA projects, focusing on security and controls.

Influence and drive application owner commitment by proactive engagement, facilitation, and planning.

Designing network systems to meet operational demands and industry standards. August 2023 – March 2024

Global Lead Security Architect

Getronics; Spain.

Lead architectural reviews and work with business leaders to manage business risks created using technology.

High-level design solutions for business applications, systems, portfolios, infrastructures.

Lead End to End of Security IT value proposition, with most relevant partners.

Head of developing and implementing technology strategies and for managing the company's tech infra.

Maintain efficient operational oversight, optimize resource distribution, uphold business continuity.

Demonstrated expertise in SoC architecture in high-performance computing systems.

Integrations Strategy and Value Engineering: Contribute towards the execution of client’s integration strategy.

Experience with ability to create custom dashboards, perform event correlation.

Solve complex monitoring requirements across a variety of infrastructure, O/S, platforms, and applications.

Contribute and enhance Data Platform capability by bringing new tech s through tool evaluations, conducting PoCs.

Technical leadership of software engineering teams in the development of computer apps.

Create comprehensive SAP security documentation, ensuring adherence to established standards and best practices.

Cross-Departmental Collaboration: Work in tandem with various internal departments, including engineering.

Product management, and executive leadership, to ensure technology initiatives are well-integrated.

Finding key opportunities for business development, collecting relevant information to improve products or services.

Managed project budgets and schedules, completing projects on time and within budget.

Support continuous improvement through cost engineering techniques and processes.

Identify inefficiencies and cost optimization opportunities (Cost Model).

Ensure high performances of SLA and handle Security Architecture ongoing activities, service. June 2022 – August 2023

Senior Cloud Architect

Metyis; Madrid, Spain.

Defines, implements, and provides oversight over consistent architecture and technology governance practices.

Responsible for Solution, Enterprise, and Security Architect duties in high-level.

Advised Green Dot executives (CEO, COO, CFO, etc.) on stakeholder business, providing insight into the current system.

Cloud Planning approach and strategy to ensure smooth integration.

Partner with business and IT leadership to align with and deliver plans, strategies.

Design secure patterns and produce guidance to reduce risks through opinionated architecture.

Identify and Analyse Cloud Infra architecture gaps to propose new technologies.

Evaluate and selection of software product standards, as well as the design of standard software configurations. August 2016 – May 2022

Shared Operations Systems and Cloud

AXA; Madrid, Spain - Paris, France.

Define the vision and roadmap for the engineering team and develop their future architecture.

Architecture, DevOps, and all workflow Administration about the following Apps: Digital Web, IAM, OpenShift, etc.

Analyse the impact of the solution on the state of the business goals and outcomes of solution implementation.

Lead of development and delivery of optimal and exceptional support of JENKINS solutions.

Support the strategy. Microsoft Azure Global DevOps, Migration, Monitor, Security, etc.

Communication and Improvement plan with CC & CoE.

WebMeth re-engineered processes to leverage advantages (Business area).

Creating organization-specific training documentation.

Cloud computing expertise internally and externally to drive Cloud Adoption.

Knowledge of various complex IT ecosystems besides cloud architecture.

Plan migration of on-premises infrastructures Cloud infrastructures.

Designing, implementing and supporting Cloud for Customer (C4C).

API management and governance best practices, design, and management tools. January 2016 – July 2016

Business Application Security Specialist

SICPA S.A; Madrid, Spain – Lausanne, Switzerland.

Establish and maintain strong relationships with key stakeholders, including clients, partners, and vendors.

Build and maintain core infrastructure to enable scaling and support business growth.

Security & authorizations SAP Admin (Develop, Create and Admin) in the following modules: Controlling - Customer.

Demand Planning, EH&S and RM, Finance, Human Capital Management, Inventory, Investment Management.

Master Data Management, Order to Cash, Plant Maintenance, Procure to Pay, Project System, Quality Management.

Managing datasets for reporting (BBDD and Operations)

Microsoft Office SharePoint server portal implementation and upgrade.

Scalability, Interoperability and Portability Analysis.

KPI s aligned with the IT, HR, and Logical Security Department.

Service to manage identity (Authentication) & access (authorization): Account creation & authorization request.

Role modelling and the approval workflow.

Maintenance and Information Systems Maintenance and Management improvements.

Lead a team of API developers in delivering large and complex API solutions. 2002 - 2015

Information Security Supervisor

Montana Inc.; Valencia - Venezuela.

Led cross-functional project teams in the selection and implementation of information systems.

Programmer analyst ABAP, Exits, Objects, Workbench, Smartforms, Sap Scripts, Gateway.

Information Security Process owner and Service Manager (Level 2–3).

Risk & Control, business processes and data structures Lead Process.

Constant improvement of processes and procedures with AWS managed services.

Coordinate priorities between the IT department and final users.

Estimated project budget and describe the main project expenses.

Ensure integration of IT and business systems starting with HR by including distribution lists, ad groups & security flow.

Vendor Management Services (Development SAP, BASIS, Oracle, web portals, databases.

SAP Access to all systems in all environments (request for new roles, changes in roles).

Provide regular management reporting on IT activities, business projects and initiatives.

Governance, risk, and compliance (GRC) refers to a strategy for managing.

Support continuous improvement through cost engineering techniques and processes. Education

2002 – 2009 Universidad Tecnológica del Centro (Unitec)

- Networking and Communications Engineer.

Skills

Project Management - Systems Architecture - API and Web Services Design - Agile/Scrum Methodology - Continuous Integration Systems (CI/CD) - Design development – Problem/Solving and Decision/Making - Communicating effectively with all stakeholders - Cloud computing - Data science and analytics – DevOps - AI and automation - Infrastructure management - Digital transformation - Extensive experience in API design

- Client Relationship Management – Cross functional teams - Knowledge of open source principles and technologies - SAP Security - Budgeting and forecasting - Stakeholder management. Certifications

o Microsoft Certified: Azure Solutions Architect Expert. o ISSAP – Information Systems Security Architecture Professional. o AWS Certified Solutions Architect.

o Google Cloud Foundational.

o AZ-303: Microsoft Azure Architect Technologies.

o Microsoft Certified: Azure Fundamentals AZ-900.

o Certified Ethical Hacker.

o Cisco Certified CyberOps Associate.

o SAP Certified Technology Professional – System Security Architect o CSM – Certified ScrumMaster.

o Software AG Certified API Management.

o WebMethods Certified API Management.

o CCNA – Cisco Certified Network Associate Routing. o ISO 27001: 2005, Lead Auditor in Information Security: ISO 27001: 2005. o ITIL V3 - Foundations.

o ADM950 – SAP Security consultant.

o SSCP (Systems Security Certified Practitioner).

o Information Security Pro.

o SAP GRC Access Control.

o CCNP - Cisco Certified Network Professional.

o SAP NetWeaver Application Server Security.

o CRISC - Certified in Risk and Information Systems Control.

Contact this candidate