Víctor Calabria

Experiencia profesional

JTI (Japan Tobacco International)

2 años 6 meses

Cyber Prevent Manager

noviembre de 2023 - Present (8 meses)

Madrid, Comunidad de Madrid, España

Leading Cyber Prevent Team as part of JTI Global SOC with direct report to

Cyber SOC Director.

Under this role I am charge of two different teams :

* Cyber SOC Vulnerability Team

> Monitoring end-to-end vulnerability lifecycle for all the servers and

workstations deployed along JTI Global.

* Cyber SOC Compliance Team

> Ensuring all Cyber SOC JTI policies are correctly deployed and establishing

the right security actions for all the deviations detected.

Main accountabilities :

--> Lead and coordinate all members under VM and Compliance (4 FTE)

--> Design all operational processes

--> Define and monitor SLA for all the processes executed in Cyber Prevent

--> Tenable, ServiceNow and BitSight operation

--> KPI dashboard for management

--> Determine cyber strategy improvements for every year, ensuring JTI is

always protected from the new threats.

--> Collaboration with other Cyber SOC Teams like Incident Response and

Threat Intelligence

Cyber Security Vulnerability Manager

enero de 2022 - noviembre de 2023 (1 año 11 meses)

Madrid, Comunidad de Madrid, España

Page 1 of 4

As part of JTI SOC Team, I report directly to Cyber SOC Director, leading

Vulnerability Management team. Main accountabilities:

--> Leading a team of 3 FTE

--> Worldwide responsible of vulnerability management for JTI Group (~22

Countries, 40k employees), including all servers and workstations

--> Provide support to relevant stakeholders to get the vulnerabilities fixed in

the most efficient and quicker way.

--> Defining strategy and plans to mitigate vulnerabilities and maintain always

the desired KPI and SLAs defined

--> Monitoring new threats and zero-day to protect in advance JTI

infrastructure

--> Operation and maintenance of vulnerability scanner

--> Use of ticketing tool to manage all requests to fix vulnerabilities

(ServiceNow)

--> Responsible of company patching. Identifying which patches must be

applied every month and ensuring the patch are correctly deployed as part of

defined SLAs

--> KPI dashboard for management

--> Supporting Incident Team with vulnerability scans and analysis

Vodafone

3 años 11 meses

Global Cyber Security

abril de 2019 - enero de 2022 (2 años 10 meses)

Madrid y alrededores

* Global Vulnerability Manager

-> Lead vulnerability management team for Vodafone Spain. 3FTE under my

responsibility.

-> Lead pentesting activities.

-> Full vulnerability lifecycle process. Prioritaze and remediation based on

severity classification standards.

-> KPI/KRI dashboard for management.

-> Vulnerability Management policies and patching process related.

-> External vulnerabilities notification process management. New threats.

Zero-day.

-> Provide analysis for relevant security incidents.

-> Budget management for services related with vulnerabilities and pentesting.

* Compliance :

-> ISO27001

-> ENS (National Security Framework)

-> Responsible end-to-end to achieve new certifications and renew the old

ones.

-> Responsible to support internal and external audits for this regulations

*Supplier Risk Management

-> Responsible of security onboarding process to Vodafone

-> Addressing security within supplier aggreements

-> Monitoring and review of supplier services

*Privacy Champion for CyberSecurity. Support to local DPO Office.

Information Security & Privacy GDPR Project Manager

marzo de 2018 - abril de 2019 (1 año 2 meses)

Madrid y alrededores, España

* Data privacy:

** GDPR Project Manager:

-> Direct report to DPO - Vodafone Spain Group

-> Responsible for GDPR Program for Vodafone Spain Group ( Vodafone

España, Vodafone Enabler and Fundacion Vodafone )

-> Coordinate local GDPR PMO with Vodafone Group ( Lead PMO ).

** Data Protection Audit responsible ( for LOPD and GDPR )

* Compliance :

-> ISO27001

-> ENS (National Security Framework)

-> Responsible end-to-end to achieve new certifications and renew the old

ones.

-> Responsible to support internal and external audits for this regulations

EY

Senior - IT Risk & Assurance

octubre de 2012 - marzo de 2018 (5 años 6 meses)

Madrid y alrededores, España

Vodafone (Sept 2013 - March 2018)

- Data Privacy

- Privacy audits

- ISO 27001

- Security assessments

For several customers (oct 2012 - sept 2013) ;

- Projects related to the spanish data protection law LOPD

- IT business process audits

- SAP R/3 security and Segregation of Duties (SoD) reviews

- Audit of General Meeting of Shareholders

- Business processes reviews including finance, revenue, expenditure,

inventory and payroll.

- Internal Control and Risk Analysis.

- Identity and Access Management.

DYCEC

Intern at Development Department

abril de 2012 - septiembre de 2012 (6 meses)

Tres Cantos , Madrid

Web application development.

Projects from Telefonica and Orange