About Sandra
Portuguese
Native or bilingual
Spanish
Native or bilingual
English
Fluent
Experience
- Neptune SoftwareCompliance and Risk ManagerTECHJanuary 2025 - Today (1 year and 6 months)Funchal, Portugal. Leading the Risk & Compliance function across EU jurisdictions, driving ISO 27001 and ISO 42001 programmes and acting as primary risk escalation point for the organisation.. Own and maintain the company-wide risk register across information security, supplier, services, and IT risk domains; lead the annual risk assessment cycle and translate outputs into time-bound mitigation plans.. Accountable owner for ISO 27001 certification and the AI Management System (ISO 42001); driving alignment with Cyber Essentials Plus (CES) requirements.. Act as primary escalation point for all risk and compliance matters, providing direct advisory support to leadership and cross-functional business teams.. Design and maintain the governance framework across EU jurisdictions, ensuring policies are current, proportionate, and consistently applied.. Lead AI governance: partnered with the AI Department to develop AI governance policies, codes of conduct, and EU AI Act compliance roadmaps.. Own GDPR compliance end-to-end. Monitor and interpret emerging EU regulation, NIS2, EU AI Act and operationalise requirements before regulatory deadlines.. Perform security and risk evaluations for new projects; collaborate with technical stakeholders to identify and remediate vulnerabilities, access controls, and infrastructure risks.. Lead and respond to RFP and RFI Security Questionnaires as primary accountable owner
- TalkdeskCompliance SpecialistTECHAugust 2023 - January 2025 (1 year and 5 months)• Monitor and assess the organization's compliance with applicable laws, regulations, and industry standards.• Conduct regular internal audits and reviews to identify and address compliance issues (ISO 27001, ISO 22301, ISO 27701, ISO 27017, ISO 27018, SOC2 and HIPAA audits)• Develop, implement, and update compliance policies and procedures as needed.• Ensure that policies and procedures are communicated effectively to all employees.• RFP and RFI Security Questionnaires• Maintain accurate and up-to-date records of compliance activities, including audits, training, and corrective actions.• Prepare and submit reports to management and regulatory agencies as required.• Investigate compliance issues, incidents, and complaints and recommend appropriate corrective actions.• Collaborate with relevant departments to implement and track remediation efforts.
- eIDAS Trust ServicesSpeakerJanuary 2019 - January 2019R Funchal 19, Caldas da Rainha, PortugalInvited Speaker to talked about the eiDAS implementation and certification of a Trusted Services PKI
Recommendations
Be the first to recommend Sandra
Help this freelancer shine by sharing your experience working together.
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Management and Law Post GraduationISCTE2026
- Project Management Postgraduate DegreeUniversidade Europeia2024Focused on strategic leadership, change management, stakeholder management, risk management, business continuity projects, scope definition, agile project environments, project communication, planning, consultancy and technology projects, business models, project financing, negotiation, and decision-making. The program also covered certification processes, high-performance teams, procurement, quality, scheduling, knowledge transfer, risk and change management, progress monitoring, project closure, and continuous improvement.
Certifications
- ISO 27001 Lead AuditorPECB2026
- ISO/IEC 42001 Lead ImplementerPECB2025