Resume

Juan Carlos Munera

Cybersecurity & GRC Professional

Miami, FL


Professional Summary

Accomplished professional and leader with a blend of hands-on technical expertise and strategic compliance advisory experience. Extensive experience in IT, Cybersecurity, and Compliance with consistent delivery of high-impact results enabling leadership and the business in managing various programs and initiatives.

Languages: Bilingual in Spanish and English, with elementary proficiency in Portuguese.


Professional Experience

  1. Sr. IT/IS Systems Engineer / Compliance Advisor

    2025 - 2026

    Contract Engagement

    - Advised organization on PCI-DSS v4.0.1 compliance strategy and program implementation
    - Facilitated scoping, stakeholder alignment, and documentation of in-scope systems
    - Led scope reduction initiatives for the cardholder data environment
  2. Sr. Principal, Governance Risk and Compliance

    2022 - 2025

    Ingram Micro, Inc.

    - Served as an advisor to executive leadership on GRC and technical initiatives
    - Led PCI scope reduction efforts and outsourcing of card operations
    - Validated point-to-point encryption solutions, resulting in lowered risk and expenditure
    - Advised stakeholders on transition to PCI-DSS version 4.0
    - Provided guidance on new controls and requirements to senior leadership and control owners
    - Managed continuous compliance across multiple frameworks: NIST CSF, PCI, SOC, SWIFT CSCF, CMMC
    - Assisted in Third Party Risk Management, facilitated Quarterly Business Reviews, third party audits, and customer audits
  3. Cybersecurity Instructor

    2020 - 2024

    ThriveDX (Part-time)

    - Lead Instructor in Cybersecurity continuing education programs at major universities
    - Universities: University of Miami, New York University, University of Michigan, California State University
    - Courses taught: Microsoft Security, Network Security, Cyber Infrastructure and Technology, Ethical Hacking, Digital Forensics and Incident Response
  4. Principal Security Consultant

    2016 - 2021

    Cipher Security, a Prosegur Company

    - Led PCI-DSS compliance programs for financial institution clients, including initial certification and ongoing advisory
    - Supported client business objectives through compliance-aligned program delivery
    - Engaged with customers to secure Credit Card Data Environments and meet PCI DSS requirements
    - Conducted on-site assessments, report writing, and compliance attestation
    - Acted as SOC Tier 3 escalation point, working with SOC Manager on high-priority incidents
    - Improved processes and stood up new Managed Detection and Response (MDR) setups for MSSP clients
    - Implemented SIEM setup, custom correlation rules, log ingestion, and SOAR assistance
    - Lead consultant for Miami office, performed Compliance, Security and Vulnerability Assessments
    - Used tools: Tenable Nessus, Rapid7 Nexpose and InsightVM, Qualys, OpenVAS
  5. Sr. Information Security Engineer/Systems Engineer

    2006 - 2016

    Telefonica Business Solutions - Datacenter

    - Team Lead for Managed Service Security Provider division in large high-security datacenter
    - Worked with Systems Engineering, Network Ops, and Infrastructure teams
    - Designed network topology with NetOps to meet MSP customer requirements
    - Managed MSP Datacenter carrier-grade firewall serving hundreds of customers
    - Installed, configured, and managed firewalls, IDS/IPS, web application firewalls
    - Participated in Technology Steering Committee to evaluate new products and services

Education

  1. Bachelor of Science - Information Systems Security

    Completed

    ITT Technical Institute


Certifications

CISSP, Ex-PCI QSA, PCI ISA, PCI PCIP, ISO 27001 Lead Auditor, ISO 27001 Lead Implementer, CEH

Professional Certifications:

  • ISC2.org Certified Information Systems Security Professional (CISSP)
  • PCI Security Standards Council DSS Ex-Qualified Security Assessor (QSA)
  • PCI Security Standards Council DSS Internal Security Assessor (ISA)
  • PCI Security Standards Council Certified DSS PCI Professional (PCIP)
  • British Standards Institution ISO 27001 Lead Auditor
  • British Standards Institution ISO 27001 Lead Implementer
  • EC-Council Certified Ethical Hacker (CEH)

Technical Expertise

Payments Security

PCI DSS, PIN Security, P2PE (Point-to-Point Encryption)

Systems & Infrastructure

  • Systems Engineering: Windows Server, Linux/Unix
  • Cloud Platforms: AWS, Azure
  • Virtualization: VMware, Hyper-V, Proxmox VE
  • Network Security: Firewalls, IDS/IPS, WAF

Security Operations

  • SIEM: Splunk, ELK Stack, custom correlation rules
  • Vulnerability Management: Tenable Nessus, Rapid7, Qualys, OpenVAS
  • SOC Operations: Tier 3 escalations, incident response
  • SOAR & MDR: Managed Detection and Response setup

GRC Frameworks & Standards

NIST Cybersecurity Framework, PCI DSS, ISO 27001, SOC, SOX, SWIFT CSCF, CMMC

Contact

Email Me

LinkedIn Profile

PGP Public Key