You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Sandra Mendes Y FernándezSM

Sandra Mendes Y Fernández

Governance, Risk and Compliance

€300/day
Funchal, PT
8-15 years

Average response time: 1 hour

About Sandra

Governance, Risk and Compliance professional with 10+ years of progressive experience in information security governance, regulatory compliance, enterprise risk management, and audit readiness.
Experienced in implementing and auditing ISO Management Systems, including ISO 9001, ISO 27001, ISO 20000, ISO 22301, and ISO 42001, as well as CES and SOC2
Skilled in Third-Party Risk Management, Enterprise Risk Management, GDPR, AI Governance, and project management.
I help organizations implement international standards and translate complex regulatory and assurance requirements, including NIS2 and the EU AI Act, into clear, practical, risk-based action plans that enhance compliance, resilience, and operational maturity.
  • Portuguese

    Native or bilingual

  • Spanish

    Native or bilingual

  • English

    Fluent

Remote only
Primarily works remotely

Experience

  • Neptune Software
    Compliance and Risk Manager
    TECH
    January 2025 - Today (1 year and 6 months)
    Funchal, Portugal
    . Leading the Risk & Compliance function across EU jurisdictions, driving ISO 27001 and ISO 42001 programmes and acting as primary risk escalation point for the organisation.
    . Own and maintain the company-wide risk register across information security, supplier, services, and IT risk domains; lead the annual risk assessment cycle and translate outputs into time-bound mitigation plans.
    . Accountable owner for ISO 27001 certification and the AI Management System (ISO 42001); driving alignment with Cyber Essentials Plus (CES) requirements.
    . Act as primary escalation point for all risk and compliance matters, providing direct advisory support to leadership and cross-functional business teams.
    . Design and maintain the governance framework across EU jurisdictions, ensuring policies are current, proportionate, and consistently applied.
    . Lead AI governance: partnered with the AI Department to develop AI governance policies, codes of conduct, and EU AI Act compliance roadmaps.
    . Own GDPR compliance end-to-end
    . Monitor and interpret emerging EU regulation, NIS2, EU AI Act and operationalise requirements before regulatory deadlines.
    . Perform security and risk evaluations for new projects; collaborate with technical stakeholders to identify and remediate vulnerabilities, access controls, and infrastructure risks.
    . Lead and respond to RFP and RFI Security Questionnaires as primary accountable owner
    GDPR ISO 27001 ISO 42001 TPRM Risk Management
  • Talkdesk
    Compliance Specialist
    TECH
    August 2023 - January 2025 (1 year and 5 months)
    • Monitor and assess the organization's compliance with applicable laws, regulations, and industry standards.
    • Conduct regular internal audits and reviews to identify and address compliance issues (ISO 27001, ISO 22301, ISO 27701, ISO 27017, ISO 27018, SOC2 and HIPAA audits)
    • Develop, implement, and update compliance policies and procedures as needed.
    • Ensure that policies and procedures are communicated effectively to all employees.
    • RFP and RFI Security Questionnaires
    • Maintain accurate and up-to-date records of compliance activities, including audits, training, and corrective actions.
    • Prepare and submit reports to management and regulatory agencies as required.
    • Investigate compliance issues, incidents, and complaints and recommend appropriate corrective actions.
    • Collaborate with relevant departments to implement and track remediation efforts.
    ISO 22301 SOC2 ISO 27001 Compliance Governance, Risk and Compliance
  • eIDAS Trust Services
    Speaker
    January 2019 - January 2019
    R Funchal 19, Caldas da Rainha, Portugal
    Invited Speaker to talked about the eiDAS implementation and certification of a Trusted Services PKI
    eIDAS TRUST SERVICES

Recommendations

Be the first to recommend Sandra

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Management and Law Post Graduation
    ISCTE
    2026
  • Project Management Postgraduate Degree
    Universidade Europeia
    2024
    Focused on strategic leadership, change management, stakeholder management, risk management, business continuity projects, scope definition, agile project environments, project communication, planning, consultancy and technology projects, business models, project financing, negotiation, and decision-making. The program also covered certification processes, high-performance teams, procurement, quality, scheduling, knowledge transfer, risk and change management, progress monitoring, project closure, and continuous improvement.

Certifications

Skill set

Categories