
Xavier D.

Fractional CISO | SaaS, ISO 27001 & Audit Readiness

€950/day
Barcelona, ES
8-15 years

Average response time: 1 hour

About Xavier

Independent Fractional CISO (vCISO) and Cybersecurity Advisor supporting SaaS and regulated organizations in building scalable, audit-ready, and business-aligned security programs.

I bring 20+ years of IT experience and 12+ years in cybersecurity, including hands-on roles as CISO and Security Manager. I specialize in translating regulatory and risk requirements into clear, pragmatic security strategies that support growth, customer trust, and executive decision-making.

I typically operate across two levels of engagement:

• Advisory & structured support — defining strategy, governance, and risk priorities, and supporting executive teams in decision-making

• vCISO / ownership roles (dedicated engagements) — where formal responsibility is required (e.g. regulatory interaction, governance ownership, incident accountability)

Typical engagements include:

– Fractional / Virtual CISO support (advisory or structured engagements)
– ISO 27001 readiness and audit preparation
– Cybersecurity risk assessments and gap analysis (ISO / NIST)
– Incident readiness and crisis management advisory (governance-level, non-operational)

I work directly with CEOs, CTOs, and executive teams, helping them prioritize risks, structure security initiatives, and make informed decisions in complex environments.

My approach is pragmatic, risk-based, and focused on outcomes:

✔ Passing audits
✔ Closing enterprise clients
✔ Building security that scales with the business

Engagements are structured based on the level of responsibility and involvement required, ranging from advisory support to full responsibility roles depending on business needs and regulatory context.
  • Spanish

    Native or bilingual

  • English

    Fluent

  • Catalan

    Native or bilingual

Can work on-site
Barcelona (up to 50km)

Experience

  • Independent
    Fractional (CISO) | Cybersecurity & Compliance Advisor
    February 2026 - Today (4 months)
    Barcelona, Spain
    Independent fractional CISO (vCISO) supporting SaaS and regulated organizations in building audit-ready security programs, with a focus on governance, risk, and executive decision-making.
    Fractional CISO / Virtual CISO Cybersecurity Management ISO 27001 audit readiness
  • GRUPO CONSTRUCÍA | Compensa Capital Humano (Howden Group)
    Chief Information Security Officer (CISO) | SaaS & Regulated Environments
    January 2016 - January 2026 (10 years)
    Barcelona, Spain
    • Directed security governance, strategy and compliance programs including the implementation of ISO 27001, GDPR, and NIST aligning with business objectives and regulatory demands
    • Supervised and managed security risks and gap analysis, implementing policies, procedures, and controls to strengthen organizational security.
    • Optimized business continuity planning (BCP, BIA), ISO 27001 and GDPR (data protection), maintaining a continuous compliance roadmap.
    • Ensured cloud and SaaS security compliance and initiatives (Microsoft Azure, SaaS, IaaS) and secure (systems and applications) architecture approvals.
    • Established and embedded a security-first culture, training teams and raising company-wide security awareness.
    • Coordinated cross-functional incident response teams, integrating SOC escalation workflows and executive communication protocols.
    ISO 27001 Gap analysis Security Compliance Cybersecurity Management Security Policies & Procedures Documentation
  • Private
    Information Security & Compliance Management
    HUMAN RESOURCES
    January 2012 - January 2016 (4 years)
    Barcelona, Spain
    Established foundational security frameworks based on ISO 27001 and ISO 27002.
    Developed and enforced security policies, managed data protection (GDPR), and ensured business continuity.
    Led internal audits and vendor risk assessments to strengthen the organization’s security posture.

    ➡️ Focused on building compliance and governance from the ground up.

    Performed vulnerability assessments, managed incident response processes, and supported ISAE3402 and ISO audits.
    Provided expert guidance to enhance risk visibility and implement technical and procedural controls.

    ➡️ Expanded expertise in audit readiness and security assurance.
    ISO 27001 Risk Assessment Security Compliance Cybersecurity Management Security Policies & Procedures Documentation

Education

  • Cybersecurity CC: Certified "ISC2"
    ISC2
    2025
  • MASTER DE SEGURIDAD DE LA INFORMACIÓN
    IMF FORMACION
    2017
    PROFESSIONAL POSTGRADUATE

Certifications

  • LEAD AUDITOR ISO 27001
    BSI
    2016
