Fernando Sanchez Manzano

Information Security Senior Manager Engineer

€350/day
Madrid, ES
15+ years

Average response time: 1 hour

About Fernando

Strong background supported by 20 years working in information security and technology audits and advisories, working with some of the best-known international standards and regulations, such as DORA, NIS2, NIST-CSF, CIS, ISO38500, CoBIT, ISO27001, ISO27002, ISO22301, SOX Act.404, GDPR, MAGERIT, National Security Schema (ENS for Spain), ISO20000 and ITIL.
I gained this expertise working in big companies such as Deloitte, Ernst & Young, KPMG, BBVA, Santander bank, SegurCaixa Adeslas, Bank of Tokyo, HSBC, Aplazame (WiZink group) and the Spanish public administration.
I decided to change my professional way of working to face a challenge at the European Commission, within the LISO team in the JRC department in Ispra, taking part in the European directives and regulations Quality Assessment (as GRC expert) area to improve these publications in Information Security matters. Besides, I am the Senior Manager advisor in the risk assessment over the control systems managing nuclear power stations.
My professional expertise, academic background and personal skills have prepared me to understand both private companies and Public Administrations, especially in needed governance models and compliance (international laws & normative) frameworks.
Specific work experience includes business units, divisional and corporate level consulting in international companies, such as MAPFRE, ING-Nationale Nederlanden, UBS Securities, CASER SEGUROS, USB bank, EADS-CASA, AIRBUS, Mercedes Benz, BMW, Telefonica, INDRA SISTEMAS, S.A., BBVA bank, BSCH Corporation (Santander bank), UBS Bank Spain and Twentieth Century Fox.
All of my work experience shows a strong track record with measurable results, the most recent example of which is my current consultant-like position, defining the IT security governance and strategy at the European Commission – JRC as Senior Manager external advisor.

  • Spanish

    Native or bilingual

  • Italian

    Conversational

Can work on-site
Madrid (up to 50km)

Experience

  • European Commission Cybersecurity
    Senior Manager Engineer
    September 2021 - Today (4 years and 9 months)
    Italy
    • Definition and Quality Assessment of IT Risk governance and IT Risk Management process. The most relevant directives I have reviewed are DORA and NIS2.
    • Definition and Implementation monitoring of the security controls, deploying risk assessments on the control systems of the nuclear power stations.
    • Dashboard definition to show KPI and KRI to the Commission Directorates.
    • Incident, vulnerabilities and threats management. Workflows implantation.
    • Advisory in the improvement of an Information Security Steering Plan (ISMS) based on ISO27001 and GDPR.
  • Aplazame
    CISO
    BANKING AND INSURANCE
    June 2020 - August 2021 (1 year and 2 months)
    • Definition and implantation of all the Information Security Business Unit, such as GRC, Security Architecture, Privacy and SOC.
    • Definition and implantation of Information Security Steering Plan (ISMS) based on ISO27001, NIST-CSF, CIS, CoBIT, PCI-DSS and GDPR.
    • Definition and implantation of IT Risk governance and management model.
    • Implantation of a Security by Design process in all the business units in the company.
    • Defining security controls in the AWS infrastructure, helping DevOps Team to implement SecDevOps process.
    • Dashboard definition to show KPI and KRI to Steering Committee.
    • IT security normative updating.
    • Information security budget management.
    • Member of the Corporative Risk Committee and president of the Information Security Committee.
    • SOCaaS and CERTaaS setup.
    • Training and awareness plan definition.
    • Incident, vulnerabilities and threats management. Workflows implantation.
  • SegurCaixa Adeslas
    GRC Senior Manager and Deputy CISO
    January 2019 - May 2020 (1 year and 4 months)
    Madrid, Spain
    • Definition and implantation of IT Risk Assessment, identifying stakeholders and relation models.
    • Definition and implantation of IT Risk classification model.
    • Dashboard definition to show KPI and KRI to Steering Committee.
    • Coordination and integration among different technical areas (Cybersecurity, IT Contingency, IT Security Architecture) to establish Global Risk Framework.
    • IT security normative updating.
    • Information security budget management.
    • Member of the Corporative Risk Committee and president of the Information Security Committee.
    • Definition and management of a compliance assessment process to ensure the Information Security framework implementation.

Education

  • Master of Business
    2008
    Master in Business Administration (MBA)
  • Telecommunication Engineer
    "Escuela Tecnica Superior de Ingenieria de Telecomunicacion" (ETSIT). Superior
    2005
    Telecommunication Engineer