Luis Martinez

Experience

• 

  Ivanhoé Cambridge

  Jan 2005 - Oct 2019

  Implement the IT access role-based security system to process the new hire, transfers, and terminationsResolve access problems Contribute to update identity and access management proceduresEnsure the integration of data Initiate periodic reviews of identity and access management, collect information and make necessary changes in accordance with processes and proceduresEstablish and document processes and procedures, ensuring compliance managing user access appropriately and effectivelyProvide information and participate in a wide range of internal and external audits Show less

  • Identity and Access Management Analyst

    Jan 2013 - Oct 2019

  • Service Desk Technician

    Jan 2005 - Jan 2013
• 

  Fairstone

  Jan 2020 - Nov 2021

  Infosecurity Senior Analyst, Governance Risk and Compliance

  Manage risk by analyzing the root cause of security issues, impact to business, and applying knowledge of industry standards such as ISO27001 and SOC2.Work with Security Analysts to escalate situations that do not fall into established policies and procedures, and to write and maintain security written procedures.Develop and implement security solutions for multiple functional areas while providing security oversight for new systems and major system releases by reviewing system security capabilities, recommending improvements, and approving designs as part of the system development lifecycle.Coordinate and direct sessions with business and technical leaders regarding development and delivery of security solutions.Define secure configurations leveraging advanced technical knowledge and problem-solving skills in network, database, server, and desktop technology areas.Identify the need for and develop new and improved procedures and process control manuals, and apply procedures to establish the identity of users who require resetting credentials.Investigate security events for possible signs of intrusions, participate in incident response as part of a multi-disciplinary team, and manage access to the company's financial services according to procedures and policies.Guide users with security products used within the organization and conduct basic security awareness with users, while working with the IT Help Desk to resolve users' security issues and help educate the Help Desk with the organization's security solutions. Show less

• 

  FORTICA Cybersecurity

  Nov 2021 - Jun 2022

  Team Lead Governance Risk and Compliance

  Client: Commission des normes, de l'équité salariale, de la santé et de la sécurité du travail (CNESST)Developed an architecture and cybersecurity governance strategy, including a plan to migrate the non-production environment to the cloud, and created a summary of key cybersecurity risks related to the cloud infrastructure.Client: Régie de l'assurance maladie du Québec (RAMQ)Developed an operational security strategy, "DevSecOps," with the application development and cybersecurity team.Implemented a validation system and detected security vulnerabilities as part of the application development life cycle.Conducted static application testing, dynamic application testing, and software composition analysis to ensure comprehensive security coverage. Show less

• 

  KPMG-Egyde Cybersecurity

  Apr 2022 - Sept 2022

  Team Lead, IT Gouvernance, IT Risk Management and IT Compliance

  Client: Brain Canada :Creation of all policies, procedures, guidelines, and standards in accordance with ISO27001 frameworks.Client: Berkindale Analytiques IncLed a security posture aligned with SOC2 practices (Trust Service Criteria Security and availability), which included the assessment of controls in place and the production of the gap analysis report, as well as reporting to the client.Client: INOLed a security posture aligned with NIST CSF practices, which included the assessment of controls in place and the production of the gap analysis report, as well as reporting to the client.Client: CodeBoxxCollaborated with the team of instructors to teach the Cybersecurity Governance, Risk and Compliance Management modules of the academic program.Client: Major GroupLed the CyberSecure Canada certification, which included the evaluation of controls in place and the production of the gap analysis report, as well as presentation of the report to the client. Show less

• 

  Logibec

  Aug 2022 - now

  IT GRC (Governance, Risk, and Compliance) Manager

  - Implement NIST-800-53/ITSG-33, NIST CSF, ISO27001, SOC1, SOC2, and specific government requirements.- Conduct compliance audits and maturity assessments for SOC1, SOC 2, ISO27001/27002, NIST-CSF, NIST 800-53, and Canada ITSG-33.- Draft security guidance documents, policies, and directives.- Lead compliance monitoring tool and reporting implementations.- Update procedures according to legal and regulatory changes.- Coordinate audit missions with external auditors.- Analyze and control non-compliance risks via risk assessment and provide recommendations.- Foster a compliance culture through preventive actions and risk management awareness initiatives.- Attest and ensure company compliance during certification or follow-up audits.- Collaborate with the entire organization to maintain IT standards and compliance.- Maintain dashboards to report compliance status to senior management. Show less