Daniel Navarro Morende
Information Technology Audit Manager | CISSP, CEH, CISA, CGEIT
Sector: IT Services and IT Consulting
Member Since, July 13, 2023Open To Work
About Me
Extensive experience in the areas of Cybersecurity (SAP Security, Industrial Control Systems, Web Applications, Cloud Security, Network Security, Linux Security) and IT Governance, Risk and Compliance (ISO 27001, NIST 800-53, SOX, PCI-DSS, CIS Benchmarks), working for multinational companies from diverse markets (Domestic Appliances, Pharmaceutical, Utilities, Logistics). Adept of risk-based assessments and implementation of controls for a balanced risk mitigation, ensuring company success.
Education
-
Bachelor in Information Systems, Information Technology (2000 - 2004) Universidade Presbiteriana Mackenzie
-
MBA Corporate Strategic Management, Strategic Management (2010 - 2011) FIA - Fundação Instituto de Administração
-
Graduate Certificate in Information Systems, Information Technology (2005 - 2005) Griffith University
Work & Experience
-
TRUMPF (2023 - Present ) Cyber Security Manager
-
McKesson Europe AG (2019 - 2022 ) Information Technology Audit Manager (Cybersecurity)
• Lead of IT Internal Audits in the areas of Cybersecurity (SAP Security, Industrial Control Systems, Web Applications, Cloud Security, Network Security, Linux Security) and Compliance across the enterprise (USA and EU), for adherence to regulations and standards (ISO 27001, NIST 800-53, PCI-DSS, CIS Benchmarks). • Management of Internal Audits\' end-to-end lifecycle including: scope definition, fieldwork, recommendation of action plans, alignment with management and reporting. • Vulnerability Assessment of networks, applications and underlying layers through manual and automated methods (e.g.: Nmap, Burp Suite, Wireshark, etc). • Usage of Data Analytics (ACL, Excel) for data consolidation and extraction of information, leveraging factual assessment of findings and root causes.
-
McKesson Europe AG (2016 - 2018 ) Information Technology Audit Manager SOX
• Management of the IT SOX environment, supporting the European business units to implement IT General Controls (ITGC), perform annual self-assessments, remediate deficiencies and facilitate the relationship with the external auditors. • Management of Internal Audits\' end-to-end lifecycle in the areas of Cybersecurity and Compliance (ISO 27001, NIST 800-53).
-
Grupo Panpharma (2014 - 2015 ) Information Technology Governance Coordinator
• Team leader (5 employees) in charge of managing the following areas: Cybersecurity (incl. SAP Security), IT General Controls (ITGC), IT Compliance (SOX), Project Management Office, Contract Management and Budget Management. • Lead Cybersecurity initiatives throughout the company, including compliance with internal policies, vulnerability assessments, risk assessments and awareness campaigns. • IT Coordinator for the company’s SOX certification process, managing external and internal teams of specialists for self-assessments and remediation of actions.
-
Grupo Panpharma (2013 - 2014 ) Senior Information Technology Analyst
• Responsible for the Cybersecurity and IT General Controls (ITGC) compliance with the legal German requirements. • Responsible for the IT Risk Assessment including the financial impacts with the board of directors.
-
AES Eletropaulo (2007 - 2013 ) Senior Information Technology Analyst
Leader of initiatives for four companies of the group, aiming to achieve optimization of processes such as: Project Management, Incident Management, Problem Management, Systems Development Systems Lifecycle, Identity and Access Management, Strategic Planning and Satisfaction Surveys. • Leader of the IDM (Identity Management) team, managing an average of 2.200 access requests per month. • Monitoring of the IT strategic and operational KPIs through dashboard automation.
-
Novartis (2006 - 2007 ) Information Technology Analyst
• Quality assessment and continuous improvement of Change Management, Incident Management, Access Management, Project Management, Risk Management, Data Classification, Systems Validation (GXP) and Disaster Recovery (DRP) processes.
-
Philips (2002 - 2005 ) Information Technology Analyst
• Technical support of network infrastructure and workstations.