
Ricardo Coronel Lemus

Cybersecurity GRC - CISO, ISO 27001, DORA, NIS2

€800/day
Paris, FR
15+ years

Average response time: A few days


About Ricardo

🛡️ vCISO / GRC – Information Security Governance & Compliance
20 years of international experience (Mexico, France, Germany, Spain). I help organizations structure their governance, achieve compliance (NIS2, DORA, ISO 27001, PCI DSS, GDPR) and rapidly reduce risks, with a 30/60/90 day roadmap and clear EXCOM reporting.

🛡️ Information Security Governance & CISO Assistance

-Definition and management of the cybersecurity roadmap
-Writing/maintenance of the Information Security Policy, procedures, standards & internal controls
-Risk analyses & prioritized action plan
-Training of teams (CISO/IT) on ISO27005 methodology
-Cybersecurity / GRC Project Management (rituals, committees, KPIs, executive visibility)
-Information Security Awareness (targeted business & IT materials)

🛡️ Compliance (PCI DSS, ISO 27001, GDPR, DORA, NIS2)

-BUILD (implementation) & RUN (compliance maintenance) support
-Preparation for audits & certifications (PCI DSS, ISO 27001)
-Recurring controls & continuous compliance improvement
-Risk Management & Analysis
-Analyses according to ISO 27005
-Security by Design: integration of security into projects (ISP)
-Up-to-date risk mapping & treatment plan monitoring

🛡️ Third-Party Risks – TPRM

-Supplier audit program & PAS (Security Assurance Plan) requirements
-Management of risks related to ICT service providers (DORA)

🛡️ Resilience (Cyber & Operational)

-BCM & ISO 22301: BIA, process criticality, dependencies, RTO/RPO, MTPD, development/maintenance of BCPs (business) and DRPs (IT).
-DRP / IT Disaster Recovery: on-prem/cloud strategy, 3-2-1-1-0 backups (immutable), backup vault, segmentation, failover/failback tests, recovery runbooks.

-Monitoring the implementation of recommendations with suppliers

📩 Let's discuss your priorities — contact me on LinkedIn or book a slot:

Languages

  • Spanish: native or bilingual
  • French: native or bilingual
  • English: native or bilingual

Remote only
Primarily works remotely

Experience

  • Cyber Defense Consulting Group
    GRC Cybersecurity Consultant
    BANKING AND INSURANCE
    January 2025 - Today (1 year and 5 months)
    Paris, France
    🛡️ vCISO / GRC – Information Security Governance & Compliance
    20 years of international experience (Mexico, France, Germany, Spain). I help organizations structure their governance, achieve compliance (NIS2, DORA, ISO 27001, PCI DSS, GDPR) and rapidly reduce risks, with a 30/60/90 day roadmap and clear EXCOM reporting.

    🛡️ Information Security Governance & CISO Assistance
    ✔️Definition and management of the cybersecurity roadmap
    ✔️Writing/maintenance of the Information Security Policy, procedures, standards & internal controls
    ✔️Risk analyses & prioritized action plan
    ✔️Training of teams (CISO/IT) on ISO27005 methodology
    ✔️Cybersecurity / GRC Project Management (rituals, committees, KPIs, executive visibility)
    ✔️Information Security Awareness (targeted business & IT materials)

    🛡️ Compliance (PCI DSS, ISO 27001, GDPR, DORA, NIS2)
    ✔️BUILD (implementation) & RUN (compliance maintenance) support
    ✔️Preparation for audits & certifications (PCI DSS, ISO 27001)
    ✔️Recurring controls & continuous compliance improvement
    ✔️Risk Management & Analysis
    ✔️Analyses according to ISO 27005
    ✔️Security by Design: integration of security into projects (ISP)
    ✔️Up-to-date risk mapping & treatment plan monitoring

    🛡️ Third-Party Risks – TPRM
    ✔️Supplier audit program & PAS (Security Assurance Plan) requirements
    ✔️Management of risks related to ICT service providers (DORA)

    🛡️ Resilience (Cyber & Operational)
    ✔️BCM & ISO 22301: BIA, process criticality, dependencies, RTO/RPO, MTPD, development/maintenance of BCPs (business) and DRPs (IT).
    ✔️DRP / IT Disaster Recovery: on-prem/cloud strategy, 3-2-1-1-0 backups (immutable), backup vault, segmentation, failover/failback tests, recovery runbooks. Monitoring the implementation of recommendations with suppliers.

    📩 Let's discuss your priorities — contact me on LinkedIn or book a slot: https://calendly.com/ricardocoronelcdcg/60min
    Skills: ISO 27001, DORA, ISO 27005
  • Outpayce
    Payments Business Information Security Officer
    BANKING AND INSURANCE
    May 2023 - November 2024 (1 year and 6 months)
    Madrid, Spain
    Manage the implementation of the DORA (Digital Operational Resilience Act)
    -Lead PCI DSS certification process.
    -Support and lead the security part of the process to obtain the EMI license in Spain.
    -Develop, implement, and maintain the Information Security Framework for Internal Services (policies, standards, guidelines, architecture models, etc.)
    -Derive and translate the Corporate Security Policies into local/specific ones and with the corresponding standards, baselines, guidelines & architectural model.
    -Develop and embed security processes into global framework and methodologies.
    -Develop a strong communication (position papers, policies, procedures, standards, etc.) and awareness around the Information Security Policies.
    -Ensure that the security risk posture for internal services is aligned with the business appetite & strategy.
    -Provide security consulting/expertise and support in programs / projects to other Business Units
    -Perform security assessments on programs/projects (confidentiality, integrity, availability, traceability) in compliance with applicable regulations.
    -Identify possible mitigation measures.
    -Translate security risk into business terms which are understandable by the business to reach residual risk acceptance.
    -Validate the design & accreditation of the security with Programs & projects (architecture, design, processes, regulatory compliance)
    -Collect & report metrics supporting the business value of the security program's activities.
    -Conduct, coordinate or support IT Risk Assessment analysis and Audit Plans
    -Drive the day-to-day security process, serious security Incidents. Vulnerabilities management.
  • Cyber Defense Consulting Group
    Senior Security Officer
    BANKING AND INSURANCE
    November 2019 - May 2023 (3 years and 6 months)
    Paris area, France
    Previous missions:

    - Mission at DEXIA – La Défense
    Responsible for IS security and business continuity – CISO Team

    - Participation in strategic bank transformation projects regarding IS security and Business Continuity; interactions with operational departments, audit, compliance, and permanent control services.
    - Participation in implementing security aspects in projects (e.g., Security Questionnaire and security impact assessment) and, in this context, participation in the Architecture and PPB Committee.
    - Participation in information system security management committees with key service providers.
    - Organization and management of technical projects: internet access requests, audits, penetration tests, infrastructure and security topics, etc.
    - Assessment of IS/BCP risks (RCSA ICT mapping), coordination and monitoring of ISS/BCP risk remediation actions. Analysis and management of security incidents and attendance at related committees.
    - Responsible for the business continuity process (BIAs, RTO/RPO), BCP testing.
    - Management of logical authorizations and access in support of other Security team members.
    - Project monitoring and management of transversal relationships between projects.

    - Mission at PMU – Paris 15
    During this mission, I was Deputy CISO at PMU.

    - Mission at Allianz Partners – Saint-Ouen
    Security Consultant
    During this mission, I worked for the global CISO (Chief Information Security Officer) security team within the Allianz Partners group.

    Skills: IS Governance, ISO 27001, Risk Analysis, Security Audit, Information Security

Education

  • Master of Business Administration (M.B.A.)
    ESSEC Business School
    2014
  • Master of Business Administration (M.B.A.)
    Universität Mannheim
    2014
