
Xavier D.

Fractional CISO | SaaS, ISO 27001 & Audit Readiness

EUR 950/day
Barcelona, ES
8-15 years

Average response time: 1h

About Xavier

Independent Fractional CISO (vCISO) and Cybersecurity Advisor supporting SaaS and regulated organizations in building scalable, audit-ready, and business-aligned security programs.

I bring 20+ years of IT experience and 12+ years in cybersecurity, including hands-on roles as CISO and Security Manager. I specialize in translating regulatory and risk requirements into clear, pragmatic security strategies that support growth, customer trust, and executive decision-making.

I typically operate across two levels of engagement:

• Advisory & structured support — defining strategy, governance, and risk priorities, and supporting executive teams in decision-making

• vCISO / ownership roles (dedicated engagements) — where formal responsibility is required (e.g. regulatory interaction, governance ownership, incident accountability)

Typical engagements include:

– Fractional / Virtual CISO support (advisory or structured engagements)
– ISO 27001 readiness and audit preparation
– Cybersecurity risk assessments and gap analysis (ISO / NIST)
– Incident readiness and crisis management advisory (governance-level, non-operational)

I work directly with CEOs, CTOs, and executive teams, helping them prioritize risks, structure security initiatives, and make informed decisions in complex environments.

My approach is pragmatic, risk-based, and focused on outcomes:

✔ Passing audits
✔ Closing enterprise clients
✔ Building security that scales with the business

Engagements are structured based on the level of responsibility and involvement required, ranging from advisory support to full responsibility roles depending on business needs and regulatory context.
  • Spanish

    Native or bilingual

  • English

    Professional proficiency

  • Catalan

    Native or bilingual

On-site work possible
Barcelona (up to 50 km)

Project and professional experience

  • Independent
    Fractional (CISO) | Cybersecurity & Compliance Advisor
    February 2026 - Present (4 months)
    Barcelona, Spain
    Independent fractional CISO (vCISO) supporting SaaS and regulated organizations in building audit-ready security programs, with a focus on governance, risk, and executive decision-making.
    Fractional CISO / Virtual CISO Cybersecurity Management ISO 27001 audit readiness
  • GRUPO CONSTRUCÍA | Compensa Capital Humano (Howden Group)
    Chief Information Security Officer (CISO) | SaaS & Regulated Environments
    January 2016 - January 2026 (10 years)
    Barcelona, Spain
    • Directed security governance, strategy and compliance programs, including the implementation of ISO 27001, GDPR, and NIST, aligning with business objectives and regulatory demands.
    • Supervised and managed security risks and gap analysis, implementing policies, procedures, and controls to strengthen organizational security.
    • Optimized business continuity planning (BCP, BIA), ISO 27001 and GDPR (data protection), maintaining a continuous compliance roadmap.
    • Ensured cloud and SaaS security compliance and initiatives (Microsoft Azure, SaaS, IaaS) and secure architecture approvals (systems and applications).
    • Established and embedded a security-first culture, training teams and raising company-wide security awareness.
    • Coordinated cross-functional incident response teams, integrating SOC escalation workflows and executive communication protocols.
    ISO 27001 Gap analysis Security Compliance Cybersecurity Management Security Policies & Procedures Documentation
  • Private
    Information Security & Compliance Management
    HUMAN RESOURCES
    January 2012 - January 2016 (4 years)
    Barcelona, Spain
    Established foundational security frameworks based on ISO 27001 and ISO 27002.
    Developed and enforced security policies, managed data protection (GDPR), and ensured business continuity.
    Led internal audits and vendor risk assessments to strengthen the organization’s security posture.

    ➡️ Focused on building compliance and governance from the ground up.

    Performed vulnerability assessments, managed incident response processes, and supported ISAE3402 and ISO audits.
    Provided expert guidance to enhance risk visibility and implement technical and procedural controls.

    ➡️ Expanded expertise in audit readiness and security assurance.
    ISO 27001 Risk Assessment Security Compliance Cybersecurity Management Security Policies & Procedures Documentation

Education and degrees

  • Cybersecurity CC: Certified "ISC2"
    ISC2
    2025
  • MASTER DE SEGURIDAD DE LA INFORMACIÓN
    IMF FORMACION
    2017
    PROFESSIONAL POSTGRADUATE

Certifications

  • LEAD AUDITOR ISO 27001
    BSI
    2016

Skills

Categories