
Elena SANTOS

Sofia

Summary

Seasoned cybersecurity professional with over 16 years of experience in designing, implementing, and maintaining robust security strategies across diverse industries. Proven expertise in risk mitigation, security governance, compliance, and cloud security. Adept at leading security initiatives, enhancing security frameworks, and driving organizational compliance with international security standards. Currently advancing skills in Application Security, Cloud Security, and SecDevOps to stay ahead of evolving security landscapes.

Overview

18 years of professional experience
1 Certification

Work History

Information Security Manager

Software AG
03.2024 - Current
  • Oversee and evaluate security processes, frameworks, and risk management initiatives
  • Collaborate with risk, compliance, and business security teams to achieve security objectives
  • Manage the lifecycle of security policies and standards, ensuring alignment with regulations
  • Represent information security in internal and external audits
  • Enhance the security governance framework to strengthen organizational security posture
  • Co-host and actively contribute to the Company Security Council, influencing strategic security decisions

Security Engineer

Smule
02.2020 - 02.2024
  • Led the implementation of ISO 27001-certified ISMS, ensuring compliance with international security standards
  • Developed and refined API security policies to enhance application security
  • Conducted third-party risk assessments to ensure vendors meet security compliance
  • Provided security consulting for internal projects, integrating security best practices
  • Managed vulnerability assessments via Vulnerability Disclosure Programs
  • Designed and implemented incident response procedures, ensuring swift remediation
  • Delivered security awareness training to employees, improving overall security culture
  • Established a risk management framework, improving risk identification and mitigation strategies
  • Streamlined the change management process for Operations, fostering collaboration and efficiency

Account Security Officer

DXC Technology / Hewlett Packard Enterprise
08.2011 - 02.2020
  • Managed security governance, risk management, and compliance across multiple projects
  • Led internal and external security audits, ensuring compliance with regulatory standards
  • Investigated and resolved security incidents, minimizing business disruptions
  • Developed and maintained security policies and controls to safeguard enterprise infrastructure
  • Facilitated cross-functional security collaboration to implement robust security measures
  • Managed vulnerability assessments and patch management processes

Information Security Analyst

HSBC Global Technology Brasil
05.2009 - 07.2011
  • Managed access control and conducted access reviews to enforce least privilege principles
  • Performed risk assessments to ensure systems' compliance with internal security policies
  • Conducted third-party risk assessments, evaluating vendor security posture

IT Development / IT Security Analyst Trainee

HSBC Bank Brasil
06.2007 - 04.2009
  • Assisted in SOX audit preparations, ensuring compliance with financial security controls
  • Monitored and audited user access, ensuring security policy adherence
  • Developed and enhanced web applications and system modules
  • Managed change control processes, improving software development workflows

Education

Bachelor’s Degree - Information Systems

SPEI (Sociedade Paranaense De Ensino E Informática)
Curitiba
07.2010

Master’s Degree - Water Supply and Sewerage Engineering

University of Architecture, Civil Engineering, And Geodesy
Sofia
01.2005

Skills

  • Teamwork
  • Interpersonal communication
  • Team collaboration
  • Cybersecurity strategy
  • Cloud security
  • Cloud computing
  • Application security
  • SIEM management
  • Identity and Access management
  • Compliance management
  • Information governance
  • Risk management
  • Security awareness training
  • Security policy development
  • Incident response
  • Change management

Certification

  • CISSP – Certified Information Systems Security Professional
  • CISM – Certified Information Security Manager
  • CCSP – Certified Cloud Security Professional
  • ISO 27001 LA – Lead Auditor for ISO 27001

Security & Compliance Technologies

ISO 27001, NIST, NIS2, DORA, SOX, GDPR, PCI DSS, ITIL, COBIT
Docker, Kubernetes, GitLab, ArgoCD, Jira
Google Cloud, AWS, Cloudflare, HashiCorp Vault, Linux
Burp Suite, Cequence Security, HackerOne, KnowBe4, OWASP, Qualys, Nessus, Splunk, Wazuh, MITRE ATT&CK, Okta

Languages

  • English: Full Professional
  • Portuguese: Full Professional
  • Russian: Professional Working
  • Bulgarian: Native or Bilingual
