Portugal’s financial and insurance ecosystem is modernising fast—digital onboarding, instant payments, API-driven partnerships, and cloud migration are now standard expectations. That acceleration raises the stakes for security leaders who have to keep resilience, regulatory alignment, and day-to-day delivery moving in the same direction. The leaders below reflect that mix: banking scale, insurance governance, operational security, and program-building across highly regulated environments.
André Costa Alves — Chief Information Security Officer, Caixa Geral de Depósitos
André Costa Alves brings a software-first perspective to security leadership, shaped by time in hands-on development, solution architecture, and agile delivery roles. His background spans analysis, design, development, and testing, with experience working across both waterfall and scrum environments. He emphasises team culture and execution discipline—using agile coaching, scrum leadership, and modern delivery practices to keep security aligned with real engineering workflows and outcomes.
Rui Hipólito — Chief Information Security Officer, MGEN Portugal
Rui Hipólito combines information systems management experience with an energetic, delivery-focused leadership style. With a foundation in information technology management and project leadership, he positions cybersecurity as a practical problem-solving function—helping organisations understand challenges, execute improvements, and sustain momentum. His profile reflects a people-oriented approach built on communication, optimism, and cross-functional coordination.
Paulo Escarigo — Chief Information Security Officer, Crédito Agrícola Seguros
Paulo Escarigo leads information security for Crédito Agrícola Seguros, pairing long-term technology experience with formal security leadership in a regulated insurance setting. His background includes extensive time in information systems roles and deep familiarity with enterprise delivery—spanning security policy, certification-related work, and broader information systems leadership. He also represents the organisation in industry coordination through his role in the APS external relations subcommittee.
Paulo Terra — Chief Information Security Officer, MDS Group
Paulo Terra stepped into the Chief Information Security Officer role at MDS Group in January 2026 after years leading technology as Director of Information Technology and earlier information technology coordination roles. His scope centers on building and implementing an information security strategy aligned to business objectives, strengthening compliance, managing risk, and developing incident response readiness. Across his career, he has emphasised business continuity, service availability, service level management, and practical security policy implementation.
Rogério Gonçalves — Chief Information Security Officer, Allianz Portugal
Rogério Gonçalves has built a long career in information technology systems management and security control implementation, with particular strength in vulnerability management and infrastructure security. At Allianz Portugal, he leads the security program while drawing on prior roles across Allianz Technology, including infrastructure leadership and project security work. His experience reflects a delivery-oriented approach focused on implementing controls, improving operational security maturity, and sustaining resilient enterprise environments.
Jorge Costa — Chief Information Security Officer, Lusitânia
Jorge Costa serves as Chief Information Security Officer for both Lusitânia and Lusitânia Vida, with direct linkage to board-level leadership. His responsibilities include defining cybersecurity strategy and governance, leading a cybersecurity transformation program, and running risk management oversight across implementation and operational security activities. His remit explicitly spans vulnerability management, threat and defensive security, and execution of the transformation roadmap.
Rui Pereira — Chief Information Security Officer, Aegon Santander Portugal
Rui Pereira positions himself as a hands-on security and compliance leader with wide coverage across auditing, penetration testing, incident response, forensics support, vulnerability remediation, and security operations. His profile emphasises practical governance and delivery: ISO 27001 implementation, General Data Protection Regulation subject matter expertise, business continuity and disaster recovery ownership, third-party management, and security awareness. He also notes ongoing availability for pro bono cybersecurity support for non-profit organisations.
Teresa Florência — Cybersecurity Manager and Chief Information Security Officer, UNICRE
Teresa Florência’s path into security leadership blends cloud services and enterprise support experience with operational people leadership. At UNICRE, she holds the Cybersecurity Manager and Chief Information Security Officer remit, following earlier cloud services management and cybersecurity roles within the organisation. Her background includes cloud adoption consulting and several years supporting and leading Microsoft Office 365 technical and customer operations environments, giving her a delivery-grounded foundation for modern security and resilience programs.
Jean Loiseau — Head of the Chief Information Security Officer Office, BNP Paribas
Jean Loiseau leads the Chief Information Security Officer Office in BNP Paribas’ Portugal Center of Excellence, delivering cybersecurity services for Corporate and Institutional Banking globally. His profile highlights translating complex cybersecurity and governance requirements into pragmatic, business-aligned programs, built through experience leading governance, risk, compliance, and audit initiatives across multiple regions and regulated industries. He emphasises security-by-design, stakeholder partnership, and maturity-building without slowing down delivery.
Why Portugal’s Security Leadership Moment Is Getting Sharper
What stands out across these profiles is range: leaders who come up through engineering and delivery, leaders rooted in governance and board reporting, and leaders who build operational capability in complex, regulated organisations. Portugal’s cybersecurity posture will increasingly be defined by how well these disciplines converge—strategy that is measurable, controls that are implemented, and resilience that holds under real-world pressure.
Explore how cybersecurity leaders in Denmark are strengthening resilience across one of Europe’s most digitally advanced and regulated financial environments.