Summary
Overview
Work History
Education
Skills
Accomplishments
Timeline
Manager
Antonio Mendoza

Antonio Mendoza

Mexico City

Summary

More than 15 years' experience as an Information Technology (IT) professional with strong expertise in IT management, IT security management, and IT enterprise architecture. Demonstrated expertise in establishing and implementing information security programs. Designed and implemented automated tool-based vulnerability management framework that continuously monitors and detects Cybersecurity threats and vulnerabilities. Performed evaluations and selections of IT security tools and successfully implemented IT security systems to protect the availability, integrity, and confidentiality of critical business information and information systems. Highly skilled, dedicated and enthusiastic team player with excellent leadership and communication skills. Budgeting for SMB companies to provide the best tooling for them. Successfully conducted SOC2 and PCI-DSS certifications for clients.

Overview

8
8
years of professional experience

Work History

Senior Cybersecurity Engineer

IAM
09.2023 - Current
  • Worked with teams to develop company-wide information assurance, security standards and procedures.
  • Maintained strict adherence to regulations such as payment card industry (PCI) data security standard.
  • Offered preventive training to harden personnel against intrusion vectors such as phishing, ransomware and more.
  • Developed and maintained company-wide endpoint security solutions.
  • Worked with business partners to balance requirements, security and risk reduction.
  • Engaged business and technology stakeholders to gather goals and requirements.
  • Developed security metrics and technical analysis to give insight into performance and trends.
  • Created frameworks by designing and developing technical solutions.

Cybersecurity Instructor

EdX
04.2023 - Current
  • Tracked student progress, frequently checking in with struggling students and identifying root causes of problems.
  • Applied various teaching aids to minimize learning gaps and instruct and motivate students.
  • Tested and evaluated students on materials presented in workshops and classes.
  • Reviewed class and student records to identify improvement opportunities.
  • Optimized learning plans based on student performance and feedback.
  • Oversaw curriculum development and implementation in alignment with best practices.

Senior Cybersecurity Engineer

SecureOps
09.2021 - 09.2023
  • Conducted IT security audits to ensure effective implementation of security controls.
  • Ensured development and implementation of risk analysis processes and procedures for IT systems.
  • Defined risk mitigation strategies and reported significant changes to senior management.
  • Ensured vulnerability and threat assessments were performed to evaluate the effectiveness of existing security controls.
  • Developed and implemented Information Security Training and Awareness Program.
  • Maintained strict adherence to regulations such as payment card industry (PCI) data security standard.
  • Coordinated secure system access of users to various department systems and platforms.
  • Analyzed network security and current infrastructure, assessing areas in need of improvement.
  • Led technical upgrade projects for clients by working and coordinating with consultants and developers for integrations.
  • Excellent communication skills, both verbal and written.
  • Gained strong leadership skills by managing projects from start to finish.
  • Delivered services to customer locations within specific timeframes.

GRC Consultant

Versprite
12.2018 - 09.2021
  • Conducted statistical analysis and evaluated risk via use of portfolio management software.
  • Implemented financial risk management policies, limits and strategies that complied with standards and strategic imperatives of organization.
  • Identified key risks and mitigating factors of potential investments such as asset types and values, legal and ownership structures and industry segments.
  • Monitored industry, technological and economic developments to stay current on potential risks.
  • Devised new systems and specific processes to handle ongoing monitoring needs for potential risks.
  • Proven ability to learn quickly and adapt to new situations.
  • Applied effective time management techniques to meet tight deadlines.
  • Developed strong communication and organizational skills through working on group projects.
  • Compared industry-specific securities against outside metrics and each other to develop recommendations.
  • Developed short-term goals and long-term strategic plans to improve risk control and mitigation.
  • Researched, reviewed and recommended equipment, materials and supplies to prepare and maintain security expenses within approved budget.
  • Established measures, metrics, thresholds and targets to drive performance in alignment with security and other business strategies.
  • Developed and grew staff competencies through team development, implementation and support of specific training for various responsibilities.
  • Monitored use of data files and regulated access to protect secure information.
  • Recommend improvements in security systems and procedures.
  • Conducted security audits to identify vulnerabilities.
  • Provided professional services and support in a dynamic work environment.
  • Managed practical action plans to respond to audit discoveries and compliance violations.
  • Implemented improvement initiatives and developed compliance testing program to monitor and identify gaps in new and existing practices.
  • Collaborated with internal and external stakeholders, auditors and legal counsel to confirm compliance with applicable laws and regulations.
  • Prepared and submitted regulatory filings in timely manner.

Senior Information Security Analyst

Mercadotecnia, Ideas Y Tecnologia
01.2016 - 12.2018
  • Monitored use of data files and regulated access to protect secure information.
  • Conducted security audits to identify vulnerabilities.
  • Engineered, maintained and repaired security systems and programmable logic controls.
  • Developed, tested and implemented security policies, plans and procedures for organizational protection.
  • Analyzed network traffic and system logs to detect malicious activities.
  • Worked with other teams to enforce security of applications and systems.
  • Educated and trained users on information security policies and procedures.
  • Reviewed violations of computer security procedures and developed mitigation plans.
  • Drafted security reports and metrics to track security performance and strategize improvements.
  • Recommend improvements in security systems and procedures.
  • Analyzed network security and current infrastructure, assessing areas in need of improvement.
  • Implemented and maintained technology and software budget.
  • Managed life cycle replacement of hardware and software.
  • Implemented security measures to reduce threats and damage related to cyber attacks.
  • Evaluated hiring, firing, and promotions requests.
  • Managed large-scale projects and introduced new systems, tools, and processes to achieve challenging objectives.

Education

Master of Information Security - Computer Science

UNIR
España
12.2026

Master's Degree - Education

UTEL
Mexico
12.2024

Bachelor in Industrial Psychology - Cognitive Psychology

UTEL
Mexico
04.2023

Skills

  • Strategic Planning and Direction
  • Leadership
  • Business Process Improvement
  • Project management
  • Governance, risk & compliance (GRC)
  • Security Audits
  • Information protection and analysis
  • Risk assessment & compliance
  • Application white listing
  • Data loss prevention (DLP)
  • Disaster recovery planning
  • Vulnerability management

Accomplishments

Leadership

  • Developed and implemented enterprise security strategy and framework that consists of elements of NIST Cybersecurity frameworks, and ISO/IEC 27001 for Information Security.

Strategy and Planning

  • Developed and socialized Acceptable Use policy, Mobile Device Management (MDM) and Vulnerability Management policy, and many other security policies and standards to all users.
  • Established policies and procedures for system administrators to perform operating system and application patching.

Team Collaboration

  • Collaborated with large departments to establish enterprise security framework to accomplish common IT security objectives and leverage common tools to reduce costs.
  • Coordinated the activities of Information Security Officers to define and establish unified program-wide approach to address IT security issues and mitigate IT security risks.

Project Management

  • Managed the implementation of Enterprise IT Security Framework “Quick Wins” Road Map based on ISO27001 domains.
  • Managed IT Certification & Accreditation (C&A) program implementing tools to realize efficiencies and significant cost savings for C&A process, including developing IT security plans and processes.
  • Managed the security infrastructure migration project for a Fintech company, from design to completion through the use of the RACI model and threat modeling principles for a financial company

Timeline

Senior Cybersecurity Engineer

IAM
09.2023 - Current

Cybersecurity Instructor

EdX
04.2023 - Current

Senior Cybersecurity Engineer

SecureOps
09.2021 - 09.2023

GRC Consultant

Versprite
12.2018 - 09.2021

Senior Information Security Analyst

Mercadotecnia, Ideas Y Tecnologia
01.2016 - 12.2018

Master of Information Security - Computer Science

UNIR

Master's Degree - Education

UTEL

Bachelor in Industrial Psychology - Cognitive Psychology

UTEL

Similar Profiles

CREATE PROFILE
Antonio Mendoza