ING Financial Services LLCVP. Information Risk Management
Apr. 2001 - Jun. 2008Assisted in the development, implementation and management of the Information Risk management function based on the ISO 17799 framework, Information Security Forum (ISF) best practices, IT SOX controls and COSO self assessments.
Designed, implemented and managed elements of the overall risk assessment process, including data classification, business impact analysis, Key Risk Indicators, asset inventories, risk gap analysis, SOX testing, IT audit gaps and remediation for critical business application, network infrastructure and end-user environments.
Designed, implemented and performed in depth application security architecture reviews for critical applications, networks, external connections, third party providers and databases.
Implemented and managed the Intrusion Detection Systems, Vulnerability Assessment solutions, database security, internet filtering, as well as the Operating Systems and Network hardening programs.
Coordinated all Latin American Units.