Verified Expert in Engineering
Security and GRC Developer
Lucas is a seasoned professional with 23+ years of experience leading and scaling high-growth tech companies. He's passionate about digital transformation and cybersecurity, having implemented complex security programs, led successful acquisitions, and developed audit and compliance programs to safeguard against cyber threats while promoting business growth. Lucas brings a forward-thinking approach and a deep understanding of emerging threats to every role.
Windows, macOS, Business Continuity, Business, AWS HA, Cloud Security, Risk Management
The most amazing projects I've been involved in required me to lead four companies through acquisitions in banking, software, and startups.
Senior Director | Information Security
- Orchestrated the conception, deployment, and stewardship of governance, risk, and compliance (GRC), as well as information security, infrastructure security, application security, and complementary methodologies.
- Oversaw identifying and recruiting key personnel for a Series B startup recognized as a market leader by Gartner.
- Deployed all early-stage security and compliance tools while recruiting the first team members for app security and governance.
Head of Information Security
- Spearheaded the conceptualization, execution, and administration of IT and compliance strategies and GRC programs with a holistic focus on technology, processes, and personnel.
- Implemented and managed security tools, partner programs, vendor management tools, and GRC initiatives.
- Defined and managed SOC 2 compliance from ideation to final deliverables.
Director | Information Security
- Spearheaded security and GRC efforts across the European, Asian, and American regions, resulting in scalable, mature, and robust security and compliance initiatives during rapid growth.
- Managed security during rapid growth, ultimately leading to a successful acquisition by Citrix Systems for $2.25 billion.
- Built and developed the in-house security onboarding and annual certification programs while expanding the scope of SOC 2, ISO, GDPR, and related audit programs.
Security and Compliance Manager
- Played a pivotal role in driving the successful implementation and annual recertification of compliance programs such as GDPR, ISO 27001, SOC 2, Cloud Security Alliance, and Google Cloud.
- Held ownership of all internal and external audit processes. Served as the red team leader, assuming accountability for identifying and mitigating security risks throughout the organization.
- Expanded the SOC 2 and ISO scope and built the GDPR program from the ground up.
- Directed the design and deployment of the comprehensive enterprise risk management (ERM) program across multiple business units, including mergers & acquisitions (M&A), corporate, and consumer-facing divisions.
- Worked on the FedRAMP project, collaborating with cross-functional teams to ensure compliance with the rigorous security and risk management standards required by the US government for cloud service providers.
- Collaborated on the RSA Archer project, implementing the platform's GRC modules for SFDC to effectively manage risks, comply with regulations, and streamline business processes.
Vendor Information Security Manager
- Oversaw the implementation and administration of the global vendor information security program, including security assessments, contract negotiation, planning activities, and regulatory and legal reviews, in an ecosystem of 1,000 active partners.
- Managed all security and legal reviews for all contracts.
- Supervised and acted as the primary system administrator for RSA Archer.
Q&A: Meet the InfoSec Director Speaking Out About the Weakest Links in Business Security
https://em360tech.com/tech-articles/security-chain
I delve into this question in the latest interview I gave for EM360: https://em360tech.com/tech-articles/security-chain
Opinion Piece: Disengaged Employees Could Become Your Organization's Greatest Security Threat
https://www.infosecurity-magazine.com/opinions/disengaged-employees-org-security/
This is part of an opinion piece I wrote for Infosecurity. The complete publication can be found at https://www.infosecurity-magazine.com/opinions/disengaged-employees-org-security/
Expert Opinion: Safer Internet Day 2021 – The Experts Have Their Say
https://securityitsummit.co.uk/briefing/safer-internet-day-2021-the-experts-have-their-say/
I've been interviewed for Safer Internet Day 2021. The full publication can be found at https://securityitsummit.co.uk/briefing/safer-internet-day-2021-the-experts-have-their-say/
HubSpot, SOC 2, ISO 27001, Software, RSA, Vendor Management, Risk Management, Business Continuity, Vendors & Suppliers, Contract Management, Disaster Recovery Plans (DRP), Compliance, System-on-a-Chip (SoC), Business, Business Continuity Planning (BCP), Business Continuity & Disaster Recovery (BCDR), FedRAMP, Privacy, IT Audits, Legal, Enterprise Risk Management (ERM), Communication, Complex Problem Solving, Cross-functional Collaboration, IT Security, Security, Cloud Security, SIEM, Web Security, Internet of Things (IoT), OWASP, Vulnerability Identification, Information Security Management Systems (ISMS), System Administration, Vulnerability Assessment, Cloudflare, SFDC Configuration, GDPR
Salesforce Sales Cloud
Google Cloud Platform (GCP), Windows, macOS