Looking for a job

Carlos Carvalho

@decarvalhocarlos

Message

Cybersecurity advisor specializing in GRC, security-by-design, and audit-ready control programs.

Canada

Message

What I'm looking for

I seek roles where I can embed GRC into delivery, design scalable security patterns, lead risk assessments, and produce audit-ready evidence while partnering with architecture and executive stakeholders.

I am a cybersecurity and information security professional with 15+ years delivering governance, risk management, and audit-ready control programs across banking, telecom, and insurance sectors.

I translate frameworks such as ISO/IEC 27001, NIST, CIS and SOC 2 into pragmatic, evidence-based security requirements and act as a trusted advisor to project teams and enterprise architecture.

I lead threat and risk assessments, design security patterns for cloud and hybrid environments, and build repeatable artifacts and evidence libraries to streamline audit and compliance engagements.

I drive stakeholder alignment through concise risk narratives, executive dashboards, and prioritized remediation backlogs, and I have a track record of maturing SOC governance, detection tuning, and cross-functional delivery enablement.

Experience

Work history, roles, and key accomplishments

Current

Senior Information Security Analyst

Current

BOX Technology

Jul 2022 - Present (3 years 7 months)

Lead cyber risk and compliance for strategic initiatives, translating governance into project controls and architecture guardrails; conducted risk assessments and drove remediation to closure while delivering executive risk reporting.

GRC Risk Assessment NIST)Security Architecture SIEM Policy Development

Cyber Security Analyst

Intact

May 2021 - Jul 2022 (1 year 2 months)

Performed Tier 2 SOC incident triage and investigations across hybrid and cloud workloads; produced evidence packages, tuned detections to reduce false positives, and advised IAM/DLP stakeholders on control improvements.

Incident Response SOC SIEM IAM Detection Tuning Forensics

Senior Information Security Analyst

BOX Technology

Jun 2019 - May 2021 (1 year 11 months)

Authored and operationalized InfoSec policies and SOC governance, onboarding 40+ log sources and improving detection and playbook consistency; embedded security-by-design in BRDs and HLAs for strategic projects.

Policy Development SIEM Log Management BRD HLA Vulnerability Management Incident Response ITSM

Network Security Analyst

SecureOps Inc.

Feb 2019 - Jun 2019 (4 months)

Delivered multi-tenant SOC monitoring and investigations for MSSP clients, supporting telemetry onboarding, detection tuning, and incident response coordination with clear remediation guidance.

MSSP SOC Detection Tuning Incident Response Customer Communications

Cyber Security Analyst

Bell Canada

Dec 2017 - Feb 2019 (1 year 2 months)

Managed and audited 100+ firewall instances, enforced segmentation and access-control governance, and provided risk-based recommendations to reduce attack surface and support compliance checks.

Network Security Segmentation Access Control Compliance Risk Assessment Documentation

IT Infrastructure Security Team Leader

HSBC Global Technology Center

Nov 2012 - Jul 2015 (2 years 8 months)

Led multi-region security operations and governance across Brazil, India, Malaysia, and China; standardized processes, coordinated vendor assessments and penetration testing, and built team capacity through hiring and mentoring.

Security Operations Vendor Assessment Patch Management Governance Team Leadership Penetration Testing

Senior IT Security Analyst

HSBC Global Technology Center

Oct 2010 - Nov 2012 (2 years 1 month)

Operated core security controls including firewall, proxy and VPN governance; performed control reviews and coordinated remediation to maintain policy compliance and service resilience.

Proxy VPN Control Reviews Network Security