You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Alejandro Alonso GarcíaAA

Alejandro Alonso García

GRC Cybersecurity Consultant

€390/day
Burgos, ES
8-15 years

Average response time: 1 hour

Freelancer profile translated to English.
Back to original language

About Alejandro

Since I was young, I've always been passionate about technology. I started my journey in telecommunications, where I discovered the world of networks and obtained the Cisco CCNA certification. Shortly after, I learned about cybersecurity, dedicating a large part of my time to CTFs, labs, and Red Team challenges. Later, I founded a systems and cybersecurity company, where I began implementing security and regulatory compliance measures such as ISO 27001 and GDPR. That experience led me to join a strategic project for INCIBE, where I decided to specialize in GRC. Today, after several years of experience and participating in highly relevant projects for public and private organizations, I work as a cybersecurity consultant specializing in governance, risk, compliance, and business continuity.
  • Spanish

    Native or bilingual

  • English

    Conversational

Can work on-site
Burgos (up to 50km)

Experience

  • Empresa1
    Cybersecurity Team Lead
    January 2024 - Today (2 years and 6 months)
    • • Leadership of work teams in the GRC (Governance, Risk, and Compliance) area.
    • • Coordination and execution of over 250 projects for adaptation to the National Security Scheme (ENS) and ISO 27001 for public and private entities.
    • • Development of risk analyses using MAGERIT, OCTAVE methodologies, or ISO 31000, Business Impact Analysis (BIA), Business Continuity Plans (BCP), Disaster Recovery Plans (DRP), and testing plans.
    • • Participation in projects for security incident management, crisis management, and service and process recovery.
    • • Security Officer for various public and private organizations, coordinating the implementation and monitoring of security and regulatory compliance measures.
    • • Development of tenders, analysis, and preparation of technical and economic proposals.
    • • Creation and leadership of technical teams, resource planning, and conducting technical interviews for talent selection.
    Cybersecurity ISO 27001 National Security Scheme NIS2 CISO
  • Empresa2
    National Cybersecurity Crisis Management Expert
    January 2023 - January 2024 (1 year)
    • • Project for INCIBE, participating in the national coordination of cybersecurity crisis management and business continuity.
    • • Coordination with public bodies, essential operators, service providers (ISPs), CERT/CSIRT, and private entities for security incident management and critical service recovery.
    • • Development of Business Impact Analysis (BIA), Business Continuity Plans (BCP), Recovery Plans (DRP), operating procedures, and testing plans.
    • • Development of action playbooks, escalation procedures, and coordination among the different involved areas during incident management and crisis situations.
    • • Design and maintenance of internal and external communication plans, defining information flows, responsible parties, and communication channels during crisis situations.
    • • Planning, coordination, and execution of periodic crisis management exercises and drills, both nationally and in collaboration with international bodies.
    • • Development of crisis management and continuity procedures aligned with ISO 22301, ISO 27001, ENS, and national regulatory frameworks.
    • • Participation in the transposition process of the NIS2 Directive at the national level.
    NIS2 ISO 22301 ISO 27001 National Security Scheme CISO
  • Empresa3
    Systems and Cybersecurity Administrator
    January 2021 - January 2023 (2 years)
    • • Administration of Windows Server infrastructures, Active Directory, Microsoft 365, and virtualization environments.
    • • Implementation and administration of security measures: GPOs, EDR, next-generation firewalls (NGFW), IDS/IPS, VPN, and hardening policies.
    • • Administration and monitoring of infrastructures using Zabbix, management of a Sophos-based SOC, and response to security incidents.
    • • Management of backups, recovery plans, and service restoration procedures.
    • • Administration of asset inventory and incident management using GLPI.
    Cybersecurity GDPR National Security Scheme Systems Administration Cisco

Recommendations

Be the first to recommend Alejandro

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • Computer Engineering
    UOC
    2026
    Ingeniería Informática
  • Specialization Course in Cybersecurity in Information Technology Environments
    2022
    Curso de Especialización en Ciberseguridad en Entornos de las Tecnologías de la Información

Categories