
Fernanda Lopes

Tarrytown, NY

Summary

Dynamic Cyber Security Executive with over 20 years of experience leading teams and building security programs for large organizations, especially in the financial and technology sectors. Whether leading cybersecurity teams or delivering consulting services, I am passionate about building strong cybersecurity programs that support business innovation and growth, without compromising on risk.

Overview

25 years of professional experience
1 Certification

Work History

VCISO

Tenchi Security
Tarrytown, NY
02.2023 - Current
  • Implemented strategic initiatives based on the NIST Cyber Security Framework, achieving over 120% enhancement in maturity score within 12 months for both organizations.
  • Established and directed multidisciplinary forum to evaluate adoption of Artificial Intelligence business and cybersecurity-related use cases, ensuring compliance with local privacy laws and segment regulations.
  • Championed integration of best-of-breed enterprise security tools, including Akamai and Cloudflare WAFs alongside DexGuard and Arxan RASPs.
  • Enhanced DevSecOps toolset through the replacement of outdated tools with budget-friendly SAST, DAST, and SCA solutions integrated natively into existing GitLab and Azure-based CI/CD pipelines.
  • Developed continuous testing program, streamlining automation of effectiveness checks for crucial cybersecurity technologies, such as antimalware (CrowdStrike) and web browsing protection (Palo Alto).
  • Championed adoption of Secure by Design principles in mobile applications, ensuring optimal balance between user experience and security robustness.
  • Developed AWS cloud security roadmaps integrated with cloud-based, outsourced SIEM (Splunk and QRadar based) service providers.
  • Restructured Identity and Access Management programs to ensure comprehensive coverage of privileged credentials in hybrid environments.
    Led adoption of platforms including SailPoint, CyberArk, and HashiCorp to enhance security protocols.
  • Led the incident response to 2 nationally relevant cyber incidents, including the report to the National Data Privacy regulatory agency in coordination with specialized legal counsel.

Cyber Security Technology, Executive Director

Santander Brazil
São Paulo
03.2021 - 01.2023
  • Oversaw cyber risk management for an ecosystem with over 30 subsidiaries and 130 vendors.
    Enhanced TPCRM methodology to emphasize ransomware risk exposure, assessing vendor mitigation strategies.
    Realized a 62% average risk reduction in one year by fostering collaborative efforts.
    Implemented awareness initiatives to strengthen organizational resilience across the ecosystem.
  • Built a team responsible for automating application security controls (SAST, SCA, DAST, RASP) across 300+ business-critical applications.
  • Reengineered Security Architecture function, securing talent and establishing processes to balance innovation speed with regulatory demands of the banking segment.
  • Main cyber technology-related projects involved the adoption of solutions for container and API security, pioneering both efforts in Santander globally.
  • Led a team of around 50 resources based in São Paulo, and managed an annual budget of approximately US$15 million.

Director, Security Enablement

KPMG LLP
07.2014 - 01.2021
  • Transformed cyber security service delivery from centralized to globally distributed model via offshoring talent in Mexico and India.
  • Structured BISO function to align Digital Security Group with KPMG’s Audit, Tax, and Advisory lines of business.
  • Restructured Security Architecture, Risk Assessment, and Penetration Testing teams (40+ FTE) for operational efficiency from mid-2018 to 2019.
  • Led IT Security Architecture, Compliance, and Continuous Monitoring functions under CISO from mid-2016 to 2018, advancing security program maturity.
  • Managed SOC program, producing over 20 annual SOC reports (Types 1 and 2) for firm-wide compliance.
  • Joined KPMG in 2014 to establish Security Architecture function, fostering robust security frameworks.
  • Collaborated with global leadership to form a Security Architecture Forum, developing layered security architecture against key threats.

Global Information Security Architect

New York Stock Exchange
01.2012 - 07.2014
  • Designed and implemented information security controls for internal and customer projects.
  • Conducted risk management activities, identifying risks in new technology adoption and service consumption.
  • Led mitigation plans for risks associated with EMC and Nutanix platforms, Bitcoin Exchange, and Libor Index infrastructure.
  • Reported executive summaries on risk management findings and mitigation strategies.
  • Coordinated Software Security program, overseeing design reviews and metrics deployment.
  • Integrated security tools with existing risk management program to enhance overall effectiveness.
  • Reviewed security protocols for NYSET Virtual Private Cloud infrastructure to ensure compliance.

Information Security Technical Solutions Manager

IBM Brazil
06.2010 - 12.2011
  • Member of the Solution Design Center of Excellence (SDCoE) team tasked with the design of sophisticated InfoSec solutions integrating IBM and partner products for large clients.
  • Received Creating the Future of IBM Award as architect of technical proposal for US$5M GTP firewall project for VIVO.

IT Risk Advisory Services Manager

Ernst & Young
10.2009 - 05.2010
  • Directed IT and Cyber Risk Advisory projects aimed at enhancing the maturity of cyber security and business continuity programs.
  • Oversaw the implementation of governance best practices in client organizations, including ISO 27001, ISO 20000, and Cobit.
  • Concentrated efforts on major Brazilian financial clients, including Serasa Experian, Redecard, Microsoft, and CCEE.

CISO and Business Continuity Director

TIVIT Tecnologia e Terceirização de Serviços
02.2006 - 10.2009
  • Established and steered Tivit's ISO 27001 certified Information Security Management System, defining corporate information security policies and supporting initiatives.
  • Led IT risk and business continuity functions supporting the IT Outsourcing Business Unit.
  • Selected and operated information security solutions across all security architecture layers, enhancing overall protection.
  • Achieved ISO 20000 certification in 2009 and ISO 27001 certification in 2006.
  • Established BS 25999 compliant business continuity management framework for organizational resilience.
  • Built TIVIT’s CSIRT in collaboration with national operators like Embratel and Claro to enhance incident response.

Information Security Coordinator

Braskem SA
09.2005 - 01.2006
  • Established information security organization at Braskem to enhance operational integrity.
  • Defined corporate security policy and strategic planning in line with best practices.
  • Documented and oversaw implementation of IT controls for Sarbanes-Oxley compliance, with special focus on SAP security and segregation of duties (SoD) controls.
  • Managed information security service providers, ensuring effective operation of firewalls and IDS.

Information Security Specialist

Optiglobe Telecomunicações Ltda.
Brazil
09.2000 - 08.2005
  • Designed information security solutions involving 'best-of-breed' products for customers and for the internal infrastructure of Optiglobe.
  • Extensive experience in information security incident response.

Information Security Senior Consultant

Internet Security Systems
Brazil
05.2000 - 08.2000
  • Senior Information Security Consultant responsible for projects such as implementation of ISS (later acquired by IBM) products, information security assessments, and architecture reviews.

Education

M.Sc. - Information Security Management

University of Sao Paulo (USP)
01.2003

Bachelor’s Degree - Computer Science

Institute of Mathematics and Statistics (IME), University of Sao Paulo (USP)
Brazil
01.1998

Skills

  • Over 20 years of experience in cybersecurity risk management, strategic planning, technology definition, and operations
  • Secure by Design paradigm
  • Executive-level communication and stakeholder management: extensive experience interacting with regulators, management boards, and executive teams
  • Next-generation governance and compliance leveraging automation for data-driven cyber security risk reduction
  • Systemic and critical thinking

Certification

  • CISM, ISACA, 01/2009
  • CRISC, ISACA, 01/2009
  • BS 7799 Lead Auditor, British Standards Institute, 01/2004

Extracurricular Activities

  • Hispanic IT Executive Council (HITEC), Emerging Executive Program Fellow, 2017 - Present
  • Work Group on Information Security of ABNT, Member, 2006 - 2012

Languages

  • English
  • Portuguese
