Luiz Vieira

Haarlem, Netherlands

Summary

Accomplished cybersecurity professional with extensive expertise in cybersecurity strategy and governance, enterprise risk management, and regulatory compliance, including ISO 27001, SOC 1 & 2, GDPR, and NIST. Proven track record in cloud and infrastructure security across AWS, SaaS, and hybrid environments. Skilled in DevSecOps and secure SDLC processes, with a strong focus on policy management and GRC. Adept at board-level reporting, incident response, M&A security due diligence, and leading global teams. Committed to enhancing security operations through strategic roadmaps and threat intelligence while fostering security awareness programmes. Career goals include advancing leadership roles in cybersecurity to drive innovative solutions for business continuity planning and vendor risk management.

Overview

27 years of professional experience
12 years of post-secondary education
1 Certification

Work history

Global Director, Technical Audit & Assurance

Mambu
Amsterdam
2024.01 - 2025.08
  • I lead Mambu’s global IT security audit and assurance function, reporting directly to the CFO and Management Board. My responsibilities include overseeing global internal audits, customer audits, and external certifications (ISO 27001, SOC 1 & 2), as well as aligning audit outcomes with enterprise risk priorities. I play a key role in supporting M&A activities and integrating security requirements into the company’s business strategy and product roadmap. My efforts ensure regulatory compliance, stakeholder trust, and long-term security resilience.
  • Enforced compliance measures for adherence to industry standards.
  • Directed team to deliver high-quality customer service.
  • Championed change initiatives within the organisation for streamlined operations.

Principal, Security Assurance & Audit Services (EMEA)

Amazon AWS
Amsterdam
2022.08 - 2024.01
  • At AWS, I managed third-party and customer audit engagements across highly regulated industries, helping to ensure compliance with ISO 27001, SOC 2, GSMA, and other frameworks. I led initiatives that resulted in unlocking over $2.8 billion in strategic contracts by resolving critical compliance blockers. I enhanced audit operations by implementing scalable processes, streamlined evidence management, and drove customer engagement that improved satisfaction and reduced audit friction.
  • Increased customer satisfaction by resolving issues.
  • Completed duties to deliver on targets with accuracy and efficiency.

Chief Information Security Officer (CISO)

Leaseweb
Amsterdam
2022.01 - 2022.08
  • As Global CISO, I led the security strategy for offices in six countries, ensuring alignment with GDPR and other compliance standards. I implemented a strategic roadmap addressing security across people, cloud, business, and infrastructure domains. I also enhanced security awareness and built operational resilience by aligning security priorities with enterprise risk management and driving board-level reporting.
  • Facilitated successful ISO 27001 certification process through rigorous preparations.
  • Navigated complex regulatory environments whilst ensuring full legal compliance.
  • Worked closely with legal team to achieve compliance with GDPR regulations.
  • Collaborated with IT team to establish robust network security measures.

Global CISO

Kinly
Amsterdam
2020.11 - 2021.12
  • At Kinly, I was accountable for the overall security posture and strategy, overseeing global policy development, vendor risk management, compliance programs, and training initiatives. I provided regular updates to the CIO and executive team, supported regulatory audits, and delivered metrics-based dashboards to track program maturity. I fostered a culture of security awareness, leading to improved user behavior and reduced organizational risk.
  • Liaised with regulatory bodies to maintain compliance with data privacy laws and guidelines.
  • Spearheaded training sessions for staff, increasing cybersecurity awareness.

Security Domain Architect / BISO

RTL
Hilversum
2018.06 - 2020.11
  • In a dual role, I led both strategic security architecture and operational security governance. I championed a DevSecOps transformation, established vulnerability management and monitoring capabilities (SOC), and implemented secure SDLC practices. I also coordinated with RTL Group and Bertelsmann to align ISMS policies, risk assessments, incident response, and audit procedures across the enterprise.
  • Provided technical leadership for effective team collaboration.
  • Established robust security protocols to safeguard sensitive information.
  • Organised regular technical reviews to ensure compliance with industry standards.
  • Aligned IT strategies with business goals for maximum productivity gains.

CISO

OLX
Rio de Janeiro
2017.01 - 2018.05
  • Built ISMS and security operations during full cloud migration to AWS. Conducted BIA, risk assessments, and created mitigation plans. Implemented awareness campaigns, DevSecOps, and vulnerability management using Qualys.
  • Collaborated with IT teams for seamless integration of cybersecurity measures in system architecture.
  • Evaluated emerging cybersecurity technologies to stay ahead in the competitive landscape.
  • Initiated standardisation efforts across multiple departments improving consistency in handling sensitive data.

CISO & Security Architect

Atos
Rio de Janeiro
2014.10 - 2016.12
  • Built full security infrastructure from scratch for the Rio 2016 Olympic Games. Led 12-person team, performed audits across 36 venues, and coordinated response with federal agencies. Delivered 24/7 secure operations in cloud-first Olympic event.
  • Collaborated with IT teams for seamless integration of cybersecurity measures in system architecture.
  • Organised workshops on information security best practices fostering a culture of security across the organisation.
  • Provided strategic guidance on enterprise-wide risk management matters ensuring better preparedness against potential risks.
  • Created an effective framework for managing user access controls, ensuring authorised access only to sensitive data and resources.
  • Coordinated incident response activities, minimising damage from breaches or attacks.
  • Developed a comprehensive Information Security Management System, enhancing company's overall security posture.
  • Established a disaster recovery plan for business continuity during unforeseen situations.

Senior Manager, Forensic Technology & Discovery

Ernst & Young
Rio de Janeiro
2013.09 - 2014.10
  • Led 25-member LATAM-wide team for fraud investigations and digital forensics. Delivered cybersecurity engagements including pentesting, malware analysis, and forensic reporting across multiple industries.
  • Negotiated major contracts, achieving favourable terms for the company.
  • Mentored junior managers, fostering a culture of continuous learning.
  • Directed project management activities for timely delivery of projects.

Senior Security Expert

Petrobras
Rio de Janeiro
2011.08 - 2013.09
  • Directed Secure SDLC implementation using SAMM. Reduced project cost 4x and trained 500+ developers. Managed pentest team, developed ISMS policies, and launched company-wide security awareness initiatives.

Security Instructor & Consultant

4Linux
São Paulo
2010.04 - 2012.01
  • Designed and delivered training on pentesting, hardening, and digital forensics. Led consulting engagements in security assessments, malware analysis, and technical audits, serving both private and government sectors.
  • Assessed individual pupil progress and adjusted lessons accordingly for better improvement.
  • Prepared lesson materials including visual aids and handouts to support learning objectives.
  • Presented complex information in an understandable manner to facilitate knowledge absorption.
  • Engaged students with hands-on activities resulting in increased interest in subject matter.
  • Developed comprehensive teaching plans, improved student understanding.

Security Analyst

Hawk Security
Rio de Janeiro
2000.03 - 2010.02
  • Delivered penetration tests, incident response, and forensics for clients in various industries. Gained experience in customer-facing reporting and C-level communication of security risks and remediation plans.

Web Developer

UERJ / WebCIS
Rio de Janeiro
1998.04 - 2000.03
  • For Brazil’s national missing persons project in partnership with Federal Police. Gained first exposure to data security and system development practices.

Education

Bachelor - Computer Science

Universidade do Estado do Rio de Janeiro (UERJ)
Rio de Janeiro
2002.01 - 2006.12

Bachelor - Philosophy

Universidade do Estado do Rio de Janeiro (UERJ)
Rio de Janeiro
1998.01 - 2001.12

Technical Degree - Informatics

ABEU
Rio de Janeiro
1995.01 - 1997.12

Skills

  • Cybersecurity Strategy and Governance
  • Enterprise Risk Management
  • Regulatory Compliance (ISO 27001, SOC 1 & 2, GDPR, NIST)
  • Cloud and Infrastructure Security (AWS, SaaS, Hybrid)
  • Secure SDLC
  • Board-Level Reporting
  • Incident Response
  • M&A Security Due Diligence
  • Security Operations
  • Leadership of Global Teams
  • Crisis management expertise
  • IT strategy development
  • Strategic Roadmaps
  • Threat Intelligence

Certification

CISSP, CFE, OSCP, OSCE, CEH, CHFI, GIAC GXPN, ISO 27001 Lead Auditor, AWS Practitioner, CompTIA Security+, CASP+, CySA+, Pentest+, ITIL, COBIT

LANGUAGES

  • Portuguese: Native
  • English: Proficient (C2)
  • Spanish: Intermediate (B1)
  • Dutch: Elementary (A2)
