gaabrielsotero/README.md

Gabriel Sotero de Almeida

Risk & Compliance Analyst · GRC & IT Risk · Lisbon, Portugal
Accenture · EU AML/KYC · DORA · ISO 31000 · NIST RMF



About

Risk & Compliance Analyst with 5 years in financial crime prevention and operational risk across Payments and FinTech — including Google Payments (Cognizant) and Klarna (Accenture). Currently transitioning into GRC and IT Risk, focused on the EU regulatory landscape: DORA, NIS2, GDPR, ISO 27001, and ISO 31000.

Background in law (PUC Minas, Brazil) combined with hands-on AML/KYC operations provides an uncommon combination: understanding both the regulatory intent behind a control framework and the operational reality of implementing it at scale in a FinTech environment.

Building a practical GRC portfolio to demonstrate applied capability — not just theoretical knowledge.


Portfolio Projects

ISO 31000 · DORA · NIST RMF · GDPR · FATF

Interactive browser-based risk assessment tool built for EU financial services compliance contexts. Features inherent vs. residual risk scoring (correct ISO 31000 methodology), dual heat map visualisation, a context-aware GRC recommendations engine mapped to AML, GDPR, DORA, KYC/EDD and IAM risk categories, plus CSV/JSON export.

→ Live Demo


🟠 Third-Party Vendor Risk Assessment Framework (coming soon)

ISO 31000 · NIST CSF · GDPR Art. 28 · DORA Art. 28/30 · FATF

End-to-end TPRM framework for FinTech vendor onboarding — structured assessment form, vendor register, and automated residual risk scoring across Data Protection, AML/KYC, Information Security, and Operational Resilience domains.


Regulatory Coverage

| Domain | Frameworks |
| --- | --- |
| Financial Crime | EU AML Directives · FATF Recommendations · PSD2 |
| ICT & Operational Resilience | DORA (EU 2022/2554) · NIS2 · ISO 22301 |
| Data Protection | GDPR · EDPB Guidelines |
| Information Security | ISO 27001:2022 · NIST RMF · NIST CSF |
| Risk Management | ISO 31000:2018 · ISO 27005 |

Currently

  • 📍 Compliance Analyst @ Accenture — EU AML/KYC operations, FinTech regulatory environment
  • 📚 Completing Google Cybersecurity Analyst Certificate
  • 🔨 Building GRC portfolio aligned with DORA and ISO 27001 practical implementation
  • 🎯 Target roles: GRC Analyst · IT Risk Analyst · Risk Manager

Popular repositories

  1. grc-risk-register-calculator: Interactive GRC Risk Register — ISO 31000, DORA, NIST RMF, GDPR. Built for EU Financial Services compliance.
  2. gaabrielsotero
  3. botium-security-audit: Security audit aligned with PCI DSS, GDPR and SOC 2 — control gap assessment and compliance recommendations.
  4. security-risk-assessment-network-hardening: Security risk assessment for a social media network breach scenario, applying network hardening controls (credentials, firewalls, MFA) in line with GRC and IT risk practices.
  5. sql-security-investigation