Luís Carlos Fernandes
Cybersecurity & Privacy Director
PwC Portugal
Luís Carlos Fernandes is the Director in the Risk Assurance Services (RAS) area of the Assurance department.
With extensive experience in auditing and consulting processes in systems, risks/controls, and cybersecurity.
At a glance
Areas of focus
- Cibersecurity
- Privacy
Professional background
Cybersecurity Audits;
Compliance assessments against different market standards (ISO 27001, NIST CSF, NIST SP 800-53, COBIT, etc.);
Regulatory compliance assessments against regulatory requirements such as EBA Guidelines (ICT & security risk management; outsourcing arrangements), ESMA Guidelines (Cloud Outsourcing Guidelines), NIS Directive and GDPR;
Definition and implementation of cybersecurity risk management frameworks and execution of cybersecurity risk analysis cycles;
Definition and implementation of Third-Party Risk Management frameworks;
Support to entities in On-site Inspection processes carried out by the supervisor/regulator;
Co-sourcing/Outsourcing of Internal Audit functions;
Independent audits according to ISAE 3000 and ISAE 3402 standards;
Post-implementation project audits;
Development of policies and procedures related to information security; Assessment of disaster recovery plans and business continuity plans;
Enterprise architecture assessment;
Execution of Business Impact Analysis; and
Cloud adoption, including security and cloud readiness components, as well as evaluation of the most suitable models (e.g., private, public, hybrid).
Education
- Degree in Computer Engineering from Instituto Superior Técnico;
- Advanced Development Program from Nova School of Business & Economics;
- ISO 27001 Lead Auditor certified;
- ITIL v3 Foundation certified.
