Chief Security Officer
Portugal
- Current
-
- Chief Security Officer at Banco Credibom, S.A.
- Past
-
- Security Services Manager at Novabase
- Senior Security Consultant at Novabase
- Security Consultant at Freelancer (Self-employed)
- Education
-
- Instituto Superior de Ciências Sociais e Políticas
- Instituto Superior de Ciências Sociais e Políticas
- Bombeiros Voluntários da Amadora
- Esumédica
- IIR Portugal
- Instituto de Formação Bancária
- Academia Militar (Military Academy)
- Instituto Superior de Ciências Sociais e Políticas
- Instituto Superior de Polícia Judiciária e Ciências Criminais
- Faculty of Sciences (University of Lisbon)
- SOPRAProfit
- BSI - British Standards Institute
- Bureau Veritas
- CERT.pt
- Disaster Recovery Institute / ContinuityLink
- Quint Wellington Redwood
- Portuguese Red Cross
- Recommended
-
17 people have recommended Jorge - Connections
-
285
connections
- Industry
- Banking
- Websites
Jorge Pinto’s Summary
During these years in the security area, I've had the opportunity to work in several areas (implementation, consultancy, development, auditing) of the field as well as in several sectors (financial, public, telecommunication, health).
I maintain an information security website dedicated to posting news in portuguese @ http://infosec.online.pt.
Jorge Pinto’s Specialties:
My focus is Information Security, including policy development, process integration, presales, security design and implementation, business continuity, emergency and crisis management, auditing, training and awareness.
Sound knowledge in several standards, regulations and frameworks, including ISO 27001/17799/BS7799, BS25999, SOX, CobiT and ITIL.
Jorge Pinto’s Experience
-
Chief Security Officer
Banco Credibom, S.A.
(Banking industry)
October 2007 — Present (2 years 4 months)
In charge of developing the Information security program throughout the organization, regarding policy development, risk management, technical (IT/IS) security, business continuity, physical security, compliance, training and education.
Also participated in a Virtual Work Group from ENISA's Awareness Raising to publish the document Information Security Awareness in Financial Organisations. -
Security Services Manager
Novabase
(Privately Held; 1001-5000 employees; NBA; Information Technology and Services industry)
October 2006 — October 2007 (1 year 1 month)
Provided security consultancy to both public and private sectors and managed the security services team, budgeting projects, vendor selection, recruitment and staff management as well as project management.
Services provided included:
-Security assessments
-Policy creation and advice
-Secure infrastructure design and review
-Secure messaging design
-Security architecture
-Secure perimeter design
-Subject matter expertise
-Security management
-Risk management
-Business Continuity
-Disaster Recovery -
Senior Security Consultant
Novabase
(Privately Held; 1001-5000 employees; NBA; Information Technology and Services industry)
February 2004 — October 2007 (3 years 9 months)
Developed projects mainly with major clients by supporting the security function.
Major projects included:
- Internal Control Audit based on CobiT v.3 framework
- Sox Compliance Project
- Developing tools and processes in a major banking institution to implement 'always on' audit and management capabilities in the IT infrastructure.
- Collaboration in an Information classification project for a telecommunications company.
- Collaboration in the security requirements definition for the e-vote internet system used in the Portuguese legislative election. -
Security Consultant
Freelancer (Self-employed)
(Self-Employed; Myself Only; Information Technology and Services industry)
November 2002 — January 2004 (1 year 3 months)
While working as a freelancer I had the opportunity to develop my skills at several levels, the most important one being time-management.
Major projects:
- ISO17799-based audit in a major portuguese ministry and subsequent writting and implementation of a Security Policy.
- Several perimeter security implementations in banks and insurance companies.
- ISO17799-based audit in a major public institution. -
Security Consultant
Novabase
(Privately Held; 501-1000 employees; Information Technology and Services industry)
August 2001 — October 2002 (1 year 3 months)
Involved in several consultancy and implementation projects, as well as presales.
Major projects at Novabase:
- Involvement in the definition of requisites for certificate authorities in Portugal
- VPN implementation for a Medical Services company
- Several audits
- Implementation of strong authentication in a major public institution -
Security Consultant
Safenet/Secunet
(Privately Held; 1-10 employees; Information Technology and Services industry)
February 2001 — August 2001 (7 months)
Accumulated the positions of security consultant and presales at the portuguese branch of Secunet (http://www.secunet.de).
Major project at Safenet/Secunet:
- IS security audit for public sector company -
Consultant
Unisys
(Public Company; 51-200 employees; Information Technology and Services industry)
September 1999 — January 2001 (1 year 5 months)
Involved in standalone implementation projects (Firewall, IDS, antivirus, proxies) or integrated (security perimeters, PKI, desktop security rollout).
Major projects in Unisys:
- Security perimeter implementation for a homebanking project.
- PKI and digital certificates for online brokering project.
Jorge Pinto’s Education
-
Instituto Superior de Ciências Sociais e Políticas
Master , International Relations , 2009 — 2010 (expected)
Currently enrolled in the Master’s Degree in International Relations, specializing in the fields of Intelligence & Security.
-
Instituto Superior de Ciências Sociais e Políticas
Post graduation , Intelligence & Security , 2008 — 2009
Finished the course with a classification of 17 (from 0-20).
- Activities and Societies:
- Wrote the following essays:
- "The need for a cybersecurity strategy for Portugal"
- "Gender & Security"
- "Existing strategies to fight e-crime on the European Union"
- "Water: source of life, source of conflict"
- "Using standards to improve the national sense of security"
- Profile on a public figure
- "Skills and competencies for an intelligence analyst"
-
Bombeiros Voluntários da Amadora
Introduction to Firefighting Techniques 2009
1/2 day introduction to firefighting techniques, including theory and hands-on practice with fire extinguishers.
-
Esumédica
Ocupational Health and Safety for employer representatives 2009
Five days training focusing on OHS topics, such as legislation, risk analysis, health vigilance, safety, emergency, work conditions, etc.
-
IIR Portugal
Anti Money Laundering 2009
1/2 day workshop presented by Kenneth Rijock & Humberto Aguilar
-
Instituto de Formação Bancária
Anti Money Laundering & Terrorism Financing 2009
One day training with participation of the Financial
Intelligence Unit of the Portuguese Criminal Police -
Academia Militar (Military Academy)
Seminar , Building Network-Enabled Communities , 2008
Advanced Seminar + Crisis Management Exercise
-
Instituto Superior de Ciências Sociais e Políticas
Specialization course in terrorism 2008
Classification of 18 (from 0-20) with the paper "Cybercrime and Cyberterrorism".
-
Instituto Superior de Polícia Judiciária e Ciências Criminais
Workshop on cons, frauds and forgeries 2008
-
Faculty of Sciences (University of Lisbon)
Graduate , Informatics Engineering , 2007
4-year degree with specialization in Information Systems.
-
SOPRAProfit
CMMI Seminar 2007
-
BSI - British Standards Institute
BS/ISO/IEC 27001:2005 Lead Auditor Course 2006
-
Bureau Veritas
ISO 27001 ISMS System Builder 2006
-
CERT.pt
Building a Computer Security Incident Response Team 2006
-
Disaster Recovery Institute / ContinuityLink
BCLE 2000 Business Continuity Management for Advanced Professionals 2006
-
Quint Wellington Redwood
ITIL Foundation 2006
-
Portuguese Red Cross
First Aid Provider 2001
First course in 2001, recertified every 2 years
Additional Information
Jorge Pinto’s Websites:
Jorge Pinto’s Interests:
Reading, scuba diving, orienteering, movies
Jorge Pinto’s Groups:
ISACA Member, AP2SI
-
CSORoundtable -
Security-Jobs.info -
Certified Information Systems Security Professionals (CISSP) -
Information Security Expert Center -
BCMIX - Business Continuity Management Information eXchange -
ITSM (ITIL) Professionals -
ITIL V2&V3 (5000+) -
Security Crew -
CISO: Meaningful Metrics -
Digital Forensics Association (DFA) -
Black Hat -
ISECOM -
Information Security Community -
ISACA -
IT Infrastructure Library (ITIL) -
Identity Management Specialists Group -
Global Corporate Fraud and Compliance Professionals -
IT SECURITY EXPERT -
Computer Security and Forensics -
ISACA Professionals -
MSN Messenger -
Linked SCUBA Divers -
Save Our Sharks (SOS) -
COBIT 4.1 -
Business Continuity Management Professionals -
IT audit -
Global Information Security Professionals -
ISO 27000 for information security management (3000+) -
Lead Auditor ISO 27001 Community -
Information Security Network -
Fraud, Phishing and Financial Misdeeds -
Snort -
FCUL-DI Alumni -
Governance, Risk and Compliance Management (GRC) -
Information Security Professionals in Portugal -
Security Leaders Group -
Business Continuity & Disaster Recovery Consultants -
Novabase -
Divers Alert Network -
Risk, Regulation & Reporting
Jorge Pinto’s Honors:
Several acknowledged certifications, such as:
- ISACA Certified Information Security Manager (CISM)
- ISO 27001:2005 Lead Auditor,
- ISC2 Certified Information Systems Security Professional (CISSP),
- DRII Associate Business Continuity Professional (ABCP),
- ITIL Service Management Foundation,
- COMPTia Security+
- Microsoft Certified Systems Engineer (MCSE),
- CISCO Certified Design Associate (CCDA),
- CheckPoint Certified Security Administrator (CCSA) & Engineer (CCSE)
- Internet Security Systems Certified Security Professional (ISS-CSP)
- Websense Certified Systems Engineer (WCSE)
