Raffaele Di Marzio

Cybersecurity Consultant | CISO Transition Manager

€800/day
Madrid, ES
15+ years

Average response time: 1 hour

About Raffaele

Freelance executive consultant in cybersecurity, GRC, and operational resilience, with over 24 years of experience advising major international organizations in highly regulated environments.

Specializing in CISO and Interim CISO missions, GRC framework design and implementation, European regulatory compliance (DORA, NIS2, GDPR, MiCA), and ICT and third-party risk management.

Extensive experience acting as an independent advisor to Management, CIO, Compliance, Internal Audit, and Regulators, in contexts of transformation, crisis, reorganization, or temporary reinforcement of the security function.

Profile 100% mission-oriented, results-driven, and focused on knowledge transfer, accustomed to multinational, multi-vendor, and high regulatory exposure environments.

  • Italian: Native or bilingual
  • French: Native or bilingual
  • English: Native or bilingual
  • Spanish: Native or bilingual

Can work on-site
Madrid (up to 50km)

Experience

  • DEXIA
    Chief Information Security Officer IT security and business continuity consultant
    BANKING AND INSURANCE
    March 2022 - December 2025 (3 years and 9 months)
    Paris, France
    Dexia (Euronext: DEXB) is a bank created from the alliance in 1996 between Crédit Communal de Belgique (1860) and Crédit Local de France (1987). Its registered office is in Brussels. The IT department and the Information Security department are centralized at the Paris La Défense headquarters. The latter is responsible for ICT security for the entire group.
    Responsibilities and projects carried out:
    • Leading the CISO function in a highly regulated banking environment.
    • Defining the cybersecurity strategy and the IS security governance model.
    • Leading ICT risk, BCP, and operational resilience programs.
    • Preparing a strategy for alignment with DORA and NIS2.
    • Managing critical vendors and multi-vendor environments.
    Governance, Risk, and Compliance (GRC)
    • Corporate and regulatory GRC frameworks
    • Research and Audit - DORA: ICT Risk, Third Party Risk, Resilience Testing
    • Research and Audit - NIS2: Governance, reporting, incident management
    • Regulatory audits and preparation for external supervisors
    • ISO 27001 / NIST / PCI-DSS integration
    CISO DORA NIS2 NIST MiCA
  • AXA
    Cybersecurity Senior Consultant Software & Infrastructure Security Architect
    BANKING AND INSURANCE
    September 2021 - February 2022 (5 months)
    Madrid, Spain
    AXA Partners Spain is a Spanish subsidiary of AXA Partners Holding SA, France. The Global Security Center (GSC) is a cybersecurity department of the AXA group. Its mission is to provide a catalog of IT security services to AXA partners (subsidiaries) worldwide.
    Responsibilities and projects carried out
    • Consulting on software and infrastructure projects from a security perspective.
    • Review and validation of security architectures and "security by design".
    • Creation and launch of the Security Architecture Committee.
    • Application risk assessments (AISRA) and access reviews (IAM).
    • Support for internal certifications and security assurance processes.
    Governance, Risk, and Compliance (GRC)
    • Security governance applied to the project lifecycle (controls and evidence).
    • Application and architecture risk management (assessment, recommendations, monitoring).
    • Alignment with ISO 27001 / ISO 27002 and corporate frameworks.
    • Internal audits: preparation of evidence and remediation plans.
    • Third parties: review of requirements and measures in multi-vendor environments.
    GRC Risk and Vulnerability Assessment Cybersecurity Compliance Policy
  • GSK
    Lead of Cybersecurity and MCO Stream Archiving & Decommissioning
    PHARMACEUTICALS INDUSTRY
    September 2020 - April 2021 (7 months)
    Rome, Italy
    Responsibilities and projects carried out
    • Leading the controlled decommissioning of "in-scope" applications.
    • Defining the plan for data withdrawal, archiving, and migration.
    • Coordination with IT, business, compliance, and site managers.
    • Control of security and continuity requirements during withdrawal.
    • Creation of artifacts: checklist, RACI, risk and issue tracking.
    Governance, Risk, and Compliance (GRC)
    • Decommissioning governance (criteria, approvals, traceability, and evidence).
    • Risk assessment and treatment (data, access, continuity, contractual).
    • Compliance with internal requirements (quality, security, validation, and policies).
    • Third parties/support: management of maintenance contracts and orderly closure.
    • Auditability: documentation and evidence for internal reviews.
    Compliance Policy Data Analysis Cybersecurity Infrastructure Project Manager

Education

  • ISO/IEC 27001:2022 - Information Security
    2025
  • RISK MANAGER™
    2025