Roger Marques

Background

About Roger Marques

Resume about GRC Policy Development and Maintenance: Creating, reviewing, and updating organizational policies; Governance Management: Overseeing policy development, monitoring compliance, and maintaining robust governance structures; Risk Assessment and Mitigation: Conducting risk assessments for policy development, documenting effective mitigation strategies. Experience in internal audit and control evaluation. Guidance and Support: Providing expert guidance to project managers and teams on compliance matters. Identifying and implementing opportunities for policy alignment, coordination, and collaboration; Leadership in Strategic Projects: Leading input to major policy and strategic projects from design to implementation. Experience in project management (PMO). Audit: Experience in conducting internal audits, evaluating the effectiveness of internal controls and compliance with policies and regulations. Key Skills:**Professional Experience Summary:** 2024 IT and Information Security Risk Audit - 2nd Line of Defense; Implementation of IT/IS Internal Controls; Review of the SOD Access Management Process; Risk Analysis of Telephone Recordings; Management of RAS Indicators; Adaptation of the IT/IS Incident Response Plan;**2023** Risk Analysis of Technology Processes Review of Process Maturity for Problem Management Definition of Compensating Controls for Contexts Identified in SOD Matrix Risk Analysis of Critical Business Processes, Dependencies, and Technology Impacts Review of Technology Processes Based on ISO - SGS Requirements **2021~2022** Development and Implementation of Data Privacy Policy Implementation of Data Breach Incident Response Plan Implementation of Risk Analysis for Personal Data Processing Processes Reporting on the Company’s Data Privacy Maturity Level Oversight of One Trust - Data Discovery System Implementation Definition of Data Privacy Awareness and Training Plan Data Modeling and Loading Related to LGPD (General Data Protection Law)- Responsible for defining policies and guidelines according to- ISO 27701 - Information Privacy Management - CMN Resolution No. 4.893 - BACEN Resolution No. 4.658 - Review of Technology and Information Security Processes for LGPD Compliance **2020** Governance of Information Security Processes and Policies (SGSI - ISO 27001 and Cloud), ITIL, and COBIT - Review of Information Security Policies (SGSI - ISO 27001)- Process Auditing - ISO - ISO - ISO 27001 - ISO 22301