Natalia Amores Quinteros

I oversee security risk and compliance for Philips's acquisitions and divestment's portfolio, including post-merger integration security activities. My role involves supporting, facilitating, and orchestrating the security risk management process, while ensuring alignment with policy and compliance standards. I provide strategic advice to decision-makers and business leaders on security risks, helping to safeguard the organization's interests throughout these transactions. I have participated in over 50 M&A deals, including several valued at billions of dollars.

As Director of Supplier Security, I managed a global portfolio of 1,000+ suppliers and led a diverse team to ensure robust third-party security. My responsibilities included negotiating security terms in multimillion contracts, designing and implementing a comprehensive security framework, and conducting ongoing audits across different regions to ensure supplier compliance. I collaborated with cross-functional teams worldwide to mitigate risks and maintain high security standards across all supplier relationships.

-Perform IT Compliance assessments on IAAS, PAAS, SAAS Cloud vendors' offerings. All relevant compliance areas for IT Operations: Security, FDA, SOX, HIPAA, Privacy, PCI and Export Controls.

-Cloud vendors security scoring

-Support Legal and Procurement during Cloud Vendors' multi million contractual negotiations

-SOX IT Audit management cycle: primary contact for all audits, oversee yearly planning and support during floor work.

-Execute, optimize and define where necessary the Compliance management program.

-Design, implementation and maintenance of control framework to support compliance assurance for defined compliance domains

-Compliance dashboards setup

-IT Compliance lead for Philips Authorization Board

As a Solution Lead for SAP Authorization area at Unilever Europe I have supported more than 80 projects and 100 small projects

• Solution Lead of the SAP Security area: evaluate, assess, design and review of the application security in Unilever Europe (ERP, APO, SAP BW, BI, XI) which comprises more than 15 productive environments and over 15.000 end-users

• Team lead of the Authorization Solution Management team (> 10 consultants in Europe and Asia). Managed resource allocation and budget estimations

• Consulting support to Risk Management Unilever counterparts in the Information Security space, pre-audit preparation activities and chair of the monthly monitoring and compliance internal meeting

• SAP HR Solution Manager support to deploy Global Invoice functionality and others small projects

• Proactive problem management and 3rd level incident resolution support

• Knowledge contribution to GRC 5.3 configuration and upgrade of sub modules Access and Process Control v10 modules.

As Sr. Security consultant I took part in the following assignments:

HRIS project at Philips (PBAS) Eindhoven, Netherlands

• Global SAP HR rollout: designed and implemented the global security template blueprint

• Prepared the country-specific implementations for country rollouts (England, Austria, Singapore and a special project called Rewards for Executives)

• Designed and implemented portal roles, structural profiles and customized tools to automate portal users' creation and portal roles assignment

• Designed User Administration, change requests procedures and the related supporting documentation that allowed a robust go-live and maintenance operations

• Monitored quarterly general IT control checks for Audit standard compliance

As Consultant of the Technology and Security Risk Services, Assurance & Advisory Business Services Division in Ernst & Young Argentina. I have participated in the following projects:

SAP related Assignments, including:

For the ExxonMobil Security & Control department:

• Maintenance of security roles for the HR businesses areas and support teams

• Maintenance of structural authorizations

• Ticket queue management and incident troubleshooting

Full design and implementation of the SAP HR security framework for Ondeo de Puerto Rico, Project ONDA SAP, Suez group

• Released management practices

• General controls review

• Backup and data recovery procedures and disaster recovery plans

• Physical security in data processing centers

• Outsourced functions and SLA agreements signed with third parties suppliers

Application Security Assignments

Auditing of the application security at several Financial institutions in Buenos Aires supporting the financial statement annual audit. Including:

• Validations in business critical fields

• Data accuracy and opportunity controls

• Process critical transactions and manual controls, analyzing interfaces with other applications, logical security design, user assigned profiles