User:Victor Pittol

Professional with strong information security and technology background with over twelve (12) years of experience. Currently, he is the Senior Manager in charge of the "Technology and Information Security" area which belongs to the line of service "Management Consulting" in PricewaterhouseCoopers (PwC).

He has experience as project management and team leader, planning and executing consulting projects in a variety of manufacturing, services, telecommunications, finance and energy’s companies.

His experience is focused on delivering value through information security projects related with controls and risk management in order to protect the companies’ assets. In addition, his experience includes projects related to IT Governance and IT process optimization, according to the business objectives. Among his academicals achievements, he is Systems Engineer and has a postgraduate specialization in Networking and Data Communications. Additionally, he has the international certifications LA ISO 27001 (Lead Auditor in Information Security), ITIL (Information Technology Infrastructure Library), CISM (Certified Information Security Manager), CGEIT (Certified in Governance of Enterprise IT) and CRISC (Certified in Risk Control and Information Systems).

Convenient is to remark, that the projects described below were executed several times during his professional career:

• BCM and DRP (Senior Manager responsible for this service in PwC VE since 2008).

• Information Security Governance implementation, considering the security organization, mission and vision, roles and responsibilities of the CISO including their staff, headcount capacity and segregation of duties, maturity level evaluation of the security processes, implementation plan to achieve the desired level of maturity, development of security policies and procedures. • Quality Assurance of projects implemented by third parties (consultants) regarding the designs of vulnerabilities remediation plans and implementation procedures of mitigating controls

• Development of information security strategic plans focused on the value it provides to business and the organization’s risk appetite

• Development of information security awareness plans.

• Design and advice on implementing process about logical and physical access, risk management and incident response.

• Risk management considering the life cycle of planning, identification, analysis and classification, risk mitigation plan and monitoring of new risk and threats.

• Information Security control assessment, considering the systems characterization, vulnerability identification, control analysis, impact analysis, risk determination and security controls recommendations to improve the security level in Routers, Firewalls, Databases, Operating Systems, Applications, Wi-Fi and networks design.

• Ethical hacking test (Internal, external and Web).

• Assessment related with PCI DSS V2, CobiT ®, ITIL ® and SOX 302/404 compliance.

• IT process optimization aligned with ITIL ®, considering change programs, incidents and problems.