Freelancer profile translated to English.
Back to original languageAbout Alejandro
I help SaaS, healthcare, and regulated environments become audit-ready in 4-12 weeks for ISO 27001, SOC 2, NIS2, and ENS, with a practical approach to cybersecurity, GRC, and real evidence.
I don't work with cosmetic documentation. I design compliance systems that withstand external audits because they connect risk, control, operation, and evidence in a traceable and defensible manner.
What do I solve?
I work with organizations that need to:
- Be audit-ready with solid, traceable, and review-ready evidence.
- Fix gaps before they become critical findings.
- Avoid documentary frameworks that don't work in real operations.
- Integrate compliance, security operations, and business without duplication or rework.
- Turn ISO 27001, SOC 2, NIS2, or ENS into measurable operational capability.
Core Services
- ISO 27001 Gap Analysis + 30-60-90 day roadmap
- ISO 27001 implementation / ISMS design
- SOC 2 Readiness (Type I / Type II) + evidence structure
- NIS2 / ENS Gap Assessment
- Risk assessment + risk treatment plan
- Statement of Applicability (SoA), Risk Register, and control framework
- Mapping ISO 27001 ↔ SOC 2 ↔ NIS2 ↔ ENS
- Internal audit preparation + external audit readiness
- Executive reporting: KPIs, KRIs, RACI, governance dashboards
- vCISO / GRC Ops support
- Human risk assessment by role
How I work
- Audit-ready from day one
- Prioritization by risk, impact, and real maturity
- Full traceability: risk → control → evidence
- Deliverables usable by internal teams and external auditors
- Senior-level support: vCISO / Compliance Lead
Usual Services
- ISO 27001 Audit-Ready Program (8–12 weeks)
- SOC 2 Readiness + Type II support
- NIS2 / ENS Gap Assessment (10–15 days)
- Monthly vCISO / GRC Ops retainer
Sectors where I add most value
- SaaS
- Healthcare
- Organizations with regulatory or contractual pressure
- Environments requiring audits, evidence, and operational governance
Spanish
Native or bilingual
English
Fluent
German
Conversational
Can work on-site
Granada (up to 50km), Madrid (up to 50km), Málaga (up to 50km)
Experience
- Consultor Senior en ISO 27001, NIS2, SOC 2 & Riesgo HumanoFounderTECHJanuary 2024 - Today (2 years and 5 months)SpainSenior Cybersecurity and GRC consultant, specializing in bringing regulated organizations—healthcare, SaaS, fintech, and public sector—to an audit-ready state in 4–12 weeks for ISO 27001, SOC 2, NIS2, and ENS.I design and implement security and compliance systems that withstand real audits, transforming compliance into measurable, traceable, and defensible operational capability.What I do:• Security and IT risk assessment• ISMS / ISMS design and implementation• Multi-standard control mapping: ISO 27001 ↔ SOC 2 ↔ NIS2 ↔ ENS• Internal audit and Stage 1 / Stage 2 preparation• End-to-end evidence management and traceability• Executive GRC reporting: KPIs, KRIs, and risk governanceWhat I solve:• Reduction of critical findings before audit• Elimination of cosmetic or indefensible documentation• Security systems less dependent on key personnel• Real integration between Security Operations, GRC, and business• Solid preparation for external audits and client reviewsResults:• Audits passed with solid and traceable evidence• Sustainable, auditable, and scalable security programs• Full traceability between risk, control, evidence, and monitoring• Less rework, less friction, and greater operational maturityUsual Services:• ISO 27001 Audit-Ready Program (8–12 weeks)• SOC 2 Readiness (Type I / Type II)• NIS2 / ENS Gap Assessment (10–15 days)• Monthly vCISO / GRC Ops support
- Cámara de Comercio de GranadaMentor in the Despega program of the Chamber of Commerce of GranadaOctober 2025 - December 2025 (2 months)Mentoring and strategic support for startups and SMEs needing to structure cybersecurity, IT governance, and compliance from early stages, preparing them for audits, enterprise clients, due diligence, and investment.I help design a minimum viable security system aligned with ISO 27001, GDPR, and risk management, to reduce rework, avoid commercial blocks, and scale with a more solid operational foundation.What I do:• Initial security maturity assessment and real baseline• Design of initial ISMS / Lite ISMS, scalable and defensible• Identification of regulatory, operational, and growth risks• 30–60–90 day compliance roadmap• Alignment between business, product, operations, and security controls• Prioritization of minimum viable controls for growing environmentsWhat I solve:• Startups blocked by enterprise client security questionnaires• Lack of structure to scale compliance without friction or improvisation.• Unidentified regulatory risks from early stages• Reactive security decisions leading to rework and operational debt• Commercial friction in due diligence, procurement, and B2B trust processesResults:• Solid foundation for ISO 27001 / SOC 2 readiness• Initial security governance and compliance structure• Reduction of regulatory and operational risks from early stages• Acceleration of B2B sales by reducing friction in security assessments• Greater clarity for growth with scalable and auditable controls
- Miguel Bamio Martínez
On Malt
Phase 3: Monthly extended monitoring August 21 to October 21TECHSeptember 2025 - November 2025 (2 months)Specialized consulting in OSINT and Cyber Threat Intelligence, applying open-source analysis methodologies to support risk assessment processes and strategic decision-making.Activities:• Information collection and analysis using Open Source Intelligence (OSINT)• External and reputational risk assessment• Information structuring for executive reporting• Improvement of traceability and consistency in consulting processes
Reviews
Recommendations
These freelancer profiles also match your criteria
Agatha Frydrych
Backend Java Software Engineer
4.7
(3)
2
Baptiste Duhen
Fullstack developer
4.6
(4)
5
Amed Hamou
Senior Lead Developer
4
(2)
7
Audrey Champion
Web developer
4.3
(3)
4
Education
- Cisco Certified Support Technician – CCST CybersecurityCisco Networking Academy2025Network Security · Threat Detection · Traffic Analysis · Cybersecurity Fundamentals · Incident Response Basics
- Cybersecurity expertThe Valley Digital Business School2023Ethical Hacking · ISO 27001 · PowerShell · Bash · Phishing · Auditoría técnica