Allan Santos

Experience

• 

  Public Ministry of the State of Minas Gerais

  Feb 2014 - Oct 2014

  Intern
• 

  Telemont

  Oct 2014 - Feb 2018

  Regional Legal Assistant
• 

  Ferreira & Chagas Advogados

  Feb 2018 - Oct 2018

  Civil Lawyer
• 

  Telemont

  Oct 2019 - Dec 2021

  Legal Corporate Assistant

  Main activities:• Performance in Shared Services (SSC) executing routines of the legal sector• Analysis of documents and dealings with internal sectors, including strategic processes.• Powering the TOTVS RM and FLUIG platforms.• Weekly meetings with the systems development team to validate new flows in the FLUIG system, suggest improvements and user tests.Main projects:• Cleaning the RM TOTVS database and analyzing indicators on the dashboard (BI Tool)• Standardization of query items• Identify and eliminate inconsistencies• Interpret results Show less

• 

  Vallourec South America

  Jul 2022 - Sept 2022

  Data Analyst

  Main activities:• Direct report to the Governance, Performance & Supply Processes Team Leader of VSB (Vallourec Soluções Tubulares do Brasil S.A.)• Support to the supply team in digital initiatives, identification, mapping, planning and management of improvements and integrations of information systems;• Development of dashboards in Power BI, Automated Flows in Power Automate and Forms, RPA, reports, models and websites;• Support to users in the supply area (Supply Chain) and application support.• Data extraction and processing - SQL.• SQL and DAX to build DAX measures and solutions in a data model.• Modeling and data visualization using Microsoft Power BI.• Implementation of direct connectivity to the AWS and Azure cloud.• Survey of functional and non-functional prerequisites for data storytelling business (creation of mockups and wireframes).Main projects:• Design and development of Corporate BI (South America and United States)• Design and development of BI for Supplies Inflation Index Show less

• 

  KPMG Brasil

  Sept 2022 - Jul 2024

  Information Technology Auditor | IT Auditor

  Main activities:• Audit of IT General Controls (ITGC) and ITAC covering aspects of information security policies, access data management, segregation of functions, change management, project development and IT operations;• Data analysis using the IDEA tool.• Experience in assessing and documenting IT risks and business processes, reviewing access profiles and segregation of functions in ERP systems, reviewing internal controls in accordance with the requirements of the Sarbanes-Oxley Act (SOX);• Process mapping, detection and validation of internal controls in the IT area (ITGC) and preparation of process flowcharts;• Responsible for carrying out Information Technology tests, through the identification and testing of the main existing controls. Show less

• 

  EY

  Jul 2024 - Jan 2025

  IT Audit and Cybersecurity Consultant

  Member of the Business for Financial Services area in projects facing the financial market / Financial Services (FSO), in client of the financial segment through a single area/ service line that unites different specialties (Audit, Consulting, Technology, etc.) to meet this sector in a comprehensive and customized way.Main responsibilities:• Assisting customers with internal reviews and/or audits;• Advising on business processes, seeking opportunities for process improvements, risk mitigation, failures in the execution of processes and risks not covered related to Information Technology;• Evaluation of general IT controls (ITGC), in accordance with EY’s internal methodology and global market standards presented in ITIL (Information Technology Infrastructure Library), COBIT (Objective Control for Information and Technologies) and ISO/IEC 27001;• Cyber security risk assessment;• Consulting and analysis of environments and systems using cybersecurity frameworks such as NIST and/or CIS;• Understanding processes and controls related to software implementation and/or systems migration;• Advice and evaluation of software asset management controls (Asset management software) that address compliance risks and assist in optimizing/reducing costs with software contracts. Show less

• 

  CEMIG

  Jan 2025 - now

  Risk and Internal IT Controls Consultant

  I work in a company subject to the requirements of the Sarbanes-Oxley Act (SOX), focusing on the identification, evaluation, and mitigation of information technology risks. My work aligns with the guidelines of ISO 31000 and governance frameworks such as COBIT and ITIL to ensure regulatory compliance and the effectiveness of internal controls.Key responsibilities:• Execution of Design Tests (TOD): Conducting detailed tests to evaluate the effectiveness of the design of IT internal controls, ensuring they are adequate to mitigate identified risks within the SOX framework.• Remediation Management: Actively participating in the execution of activities aimed at remediating gaps and deficiencies identified during internal, external, and internal control audits. This includes direct interaction with internal teams and external auditors to conduct analysis, documentation, and implementation of necessary corrective actions.• Test and Quality Review: Performing technical reviews of Design Tests (TOD) and Operational Tests (TOE) to ensure compliance with established standards and the effectiveness of risk management measures.• Technical Support: Providing specialized support to the team, contributing to the development and implementation of robust IT controls aligned with organizational goals and risk management best practices. Show less