1. CV JUAN JOSÉ PORTAL SVENSSON
PERSONAL DATA
Address: C/ Costa Rica 23, 1ºA. 28016 Madrid, Spain.
Telephone number: +34600452989
e-mail jjportal@gmail.com
Date of birth: October 4, 1971
Nationality: Spanish
EDUCATION/QUALIFICATIONS
2009- 2010 Advance Management Program (AMP) IE Business School
1994-1996 Bachelor of Arts with Honours in Business Studies, Staffordshire University – Stoke On
Trent– UK.
1991-1994 Business administration Degree Universidad Islas Baleares UIB.
WORK EXPERIENCE
June 2002 – November 2011. FORBES SINCLAIR. Manager. International consulting company
specialized in the field of corporate governance and risk management, providing to their customers the
expertise and methodology needed to develop and implement a secure environment for business processes.
Main objectives:
- Business development
Identify and analyse new business opportunities. Prepare and submit proposals for consulting
services. Assist in the development and implementation of new business lines. Develop presentations
and workshops at sector events.
- Team management
In charge of managing, coordinating and assigning tasks to perform. Counselling to the team
members in their professional development.
- Project Management
Design the approach, criteria, structure and methodology of the projects. Identify priorities and
define project objectives. Managing customer relationships. Track the budgets, resource
requirements and deadlines. Ensure the implementation of the program with defined quality
requirements. Assist in conflict solution.
Definition, Development, Management, and Supervision of National Projects:
- Security Plan for a Group belonging to the Insurance Sector.
With a team of six consultants, design, launch and management the Director Plan project developing
the main objectives:
• Testing and measuring the security state.
• Compliance requirements and gap analysis.
• Compliance definition matrix.
• KSI and KAI (Key Security Indicators, Key Assurance Indicators) definition.
• Project planning (developing the scope statement, estimating the resource requirements for
the activities; estimating time and cost for activities, etc).
• Control of implementation (milestones management, objectives achieved and compliance
audits level).
• Preparation of presentations and reports to different parts of the company personnel
involved.
1 Updated October 10, 2012.
2. CV JUAN JOSÉ PORTAL SVENSSON
- Audit and Internal Control Programme in Insurance Company.
Definition, implementation, management and supervision a project with a team of four consultants in
order to develop an audit and internal control program:
• Analysis of the security situation (GAP analysis) and measurement of the degree of
maturity (COBIT metric). Definition of controls and application security.
• Management of business continuity.
• Permanent monitoring / supervision process.
• Information Security (ISO / IEC 27001).
• Risk analysis and management. Selection and implementation of controls.
• Development of monitoring reports, final reports and presentations to the company.
- IT Project Program Office (IT PMO)
Definition, implementation, management and supervision a project management office in insurance
sector:
• Definition of the portfolio and service catalogue (ISO / IEC 20000).
• Analysis and optimization of incident management.
• Advice on compliance with legal requirements.
• Preparation of documentation relating to procurement.
• Design of internal communication programs and training plan.
• Support in the preparation of bids and tenders.
- System Strategic Plans
To define the guidelines to be implemented by the Organization of Information Systems, with the
ultimate goal of optimizing and improving the performance of the IT organization:
• Definition and implementation of the strategic plan.
• Work to improve business processes and develop procedures.
• Analyse and diagnostic of model management control and decision-making and
applications used, SWOT creation and development of key recommendations and
suggestions for improvement.
• Design of internal communication programs and change management.
• Determination of the profile of the department team and trained.
- Define a Security Plan in PKI environments. Support security consultancy services in a company related
to pay media platforms.
• GAP Analysis.
• Support compliance.
• Support and advice for the definition of a Security Committee.
• Support and define roles.
• Define a Security control matrix.
• Support and define security indicators.
• Definition of corrective and preventive controls.
• Preparation and reporting.
2 Updated October 10, 2012.
3. CV JUAN JOSÉ PORTAL SVENSSON
Definition, Development, Management, and Supervision of International Projects:
- Master Security Plan in a financial institution.
Management and coordination of a group of five consultants in Latin America as part of the
Implementation of Security Plan, perform the following tasks:
• Design, launch and project management.
• Define the Scope.
• Monitoring and evaluation of project implementation.
• Preparation of master planning, budgeting and financial closures.
• Reporting and tracking presentations to management.
• Imparting safety training.
- MASTER (Managing Assurance, Security and Trust for Services) project.
MASTER is a collaborative project funded under the EU 7th Research Framework Programme. It is
aligned to the strategic objective 1.4 Secure, dependable and trusted infrastructures defined by the
European Commission in the FP7 ICT Work Programme. Main objectives:
• Support to define and to map the financial scenario.
• Define Key controls and security indicators.
• Define and develop compliance requirements matrix.
• To adapt the process to an SOA environment.
• Define the scope.
• Develop the project planning.
• Develop presentations and progress reports.
• Participate in international meetings, assemblies and conferences calls.
• Management and supervision functions.
• Develop final reports.
- Security Management Systems diagnostic and implementation in U.S. companies.
• Project phases definition.
• GAP analysis.
• Documentation development.
• Workshops.
• Final presentations and reports.
• Management in the Information Security field in U.S. companies.
Main Clients:
Cesce, Mapfre, Fraternidad Muprespa, IberCaja, Banco de España, Sermepa, Banco Santander, La Caixa,
Léelo, ICEX, Terra Lycos, Círculo de Empresarios, Global Outsourced Services, Canadian Bank Note,
Northrop Grumman.
3 Updated October 10, 2012.
4. CV JUAN JOSÉ PORTAL SVENSSON
October 1997 - June 2002. “Senior Consultant” GRMS (Global Risk Management Services Division).
PRICEWATERHOUSECOOPERS. Consultant in charge of projects related to control process and internal
audit of companies processes, performing functions of planning, control and execution of projects:
- Mapping and description of business processes (treasury, accounting, purchasing and sales, etc..) In
different companies from different sectors (Banking, Automotive, Public Sector, Insurance, etc).
- IT audits in financial companies
- Internal audit process in national and international companies.
- Supervision and coordination of quality audits in automotive sector.
- Supervision and coordination of corporate social responsibility projects in international companies.
- Internal control projects in public sector.
- Implementation and training applications in national and international companies.
- Maturity analysis of technological processes using COBIT.
Main Clients:
Inditex, Disney, Renault, Xerox, Federal Mogul, Timberland, Disney, La Caixa, Caja Extremadura, BBVA,
Banco Espirito Santo, Consejería de Agricultura y Pesca de Murcia, Consejería de Agricultura y Pesca Junta
de Andalucía, Intervención General del Estado (IGAE), Xunta de Galicia, Prensa Española, Bausch&Lomb,
Zurich Seguros, Crédito y Caución, Red Eléctrica Española.
LENGUAGES
- English: Advanced level.
- Spanish: Native level.
- Catalán: Medium level.
INFORMATIC TOOLS
- Full mastery of offimatic tools.
- Project Management Program tool: egroupware.
- Audit Program tools (Teammate, Teamasset).
- Knowledge base tools (Mindjet MindManager RMK (Risk Managment Knowledge Base).
- Process mapping tools (COMET, ARIS).
COURSES
- General Course of Internal Audit and Security Control.
- Course of Internal Control specified to Industry and Public Sector and Finance.
- Course of mapping tools (Comet, Flowchart,Change Pro, ARIS) and tools to substantial evidences to
support the Financial Audits (IDEA, ACL).
- Course of Quality Audits.
- Course of Social Audits.
- BSI "Implementation of Management BS 25999-2:2007 Business Continuity".
BSI "Implementation of a Management System of Information Security (ISMS) based on the
27001/UNE ISO 71502 ".
- BSI IT Management Services. Internal Auditor for the Implementation of a Service Management
System (SGS) based on BS ISO / IEC 20000-2:2005 (ITIL).
- ISO 38500 Management System IT Governance.
4 Updated October 10, 2012.