• Development and implementation of strategic cybersecurity plans, aiming to mitigate any risk associated with information security and technological infrastructures. Alignment with the business objectives and growth aspirations of the organization.• Creation and implementation of a global cybersecurity regulatory framework, composed of policies, standards, and procedures to ensure cohesion and consistency of security practices across all regions where Holcim operates.•… Show more • Development and implementation of strategic cybersecurity plans, aiming to mitigate any risk associated with information security and technological infrastructures. Alignment with the business objectives and growth aspirations of the organization.• Creation and implementation of a global cybersecurity regulatory framework, composed of policies, standards, and procedures to ensure cohesion and consistency of security practices across all regions where Holcim operates.• Comprehensive IT Risk Management on a global scale, ensuring the proactive identification, evaluation, and mitigation of risks in line with the organization’s strategic objectives. Development of specific action plans to address and neutralize identified risks.• Execution of audits, including evidence gathering, validation of controls, and detailed assessments, leveraging frameworks such as SWIFT, NIST CSF, and ISO 27001 to ensure compliance, identify vulnerabilities, and recommend actionable improvements.• Definition and oversight of a security governance framework for applications utilizing Artificial Intelligence (AI) and Large Language Models (LLM), ensuring comprehensive management of all associated risks.• Design and construction of dashboards incorporating KPIs to ensure transparent, measurable, and efficient communication in cybersecurity, facilitating strategic decision-making aligned with corporate objectives. Show less

University Professor in the Bachelor's Degree in Cybersecurity at the Escuela Superior de Ingeniería y Tecnología

• Cybersecurity Lead for a significant Airbus project comprising of an international team of over 400 individuals. Oversight of all project areas, operations, and technologies, including, among others, cybersecurity governance, risk management, vulnerabilities and remediation, secure access control, and business continuity, among other aspects.• Oversight of the compliance of all security controls for employees based on security clearance requirements stipulated by Airbus. Information… Show more • Cybersecurity Lead for a significant Airbus project comprising of an international team of over 400 individuals. Oversight of all project areas, operations, and technologies, including, among others, cybersecurity governance, risk management, vulnerabilities and remediation, secure access control, and business continuity, among other aspects.• Oversight of the compliance of all security controls for employees based on security clearance requirements stipulated by Airbus. Information classification, access control, encryption, monitoring, etc.• Coordination and supervision of the plan to enhance Training and Awareness in cybersecurity across various operational areas of the project, including codes of conduct, GDPR, data classification, etc.• Advising on security and regulatory compliance in contracts with third parties, including the alignment and validation of the necessary requirements and management of the risks associated with non-compliance. Show less

• Definition of Master Security Plans with actions, responsibilities, priorities, and resources that must be implemented in organizations to enhance their cybersecurity maturity level.• Preparation of detailed reports on organizations' compliance levels with various standards and certifications, such as the National Security Scheme (ENS), ISO 27001, or EIOPA-BoS-20/600, among others.• Advising on security matters in "Journey to Cloud" projects for the transition of on-premise… Show more • Definition of Master Security Plans with actions, responsibilities, priorities, and resources that must be implemented in organizations to enhance their cybersecurity maturity level.• Preparation of detailed reports on organizations' compliance levels with various standards and certifications, such as the National Security Scheme (ENS), ISO 27001, or EIOPA-BoS-20/600, among others.• Advising on security matters in "Journey to Cloud" projects for the transition of on-premise systems and operations to Cloud. Aligning customers' security requirements in cloud environments, including performing security solutions benchmarking across various CSPs (AWS, Azure, OCI, etc.) and risk analysis, among others.• Development and validation of information security regulatory frameworks in various organizations, defining the processes and requirements necessary to safeguard information security in business operations.Main clients: Telefónica, Carrefour, Ibermutua, A.M.A. Seguros and EVO Banco. Show less

• Development of application risk analysis through an in-depth study of their design and architecture. Identification of all possible technical vulnerabilities and regulatory non-compliances that may affect information security. Subsequent development of mitigations to reduce risks.• Vulnerability management in IT assets throughout their entire life cycle: early detection through continuous monitoring, prioritization of vulnerabilities based on their criticality, and subsequent… Show more • Development of application risk analysis through an in-depth study of their design and architecture. Identification of all possible technical vulnerabilities and regulatory non-compliances that may affect information security. Subsequent development of mitigations to reduce risks.• Vulnerability management in IT assets throughout their entire life cycle: early detection through continuous monitoring, prioritization of vulnerabilities based on their criticality, and subsequent remediation. Preparation of periodic reports on the overall status of service management and reporting to senior management.• Conducting assessments of the security maturity level in suppliers, identifying any shortcomings that may negatively impact customers during outsourcing processes.• Development of audits, including GDPR compliance (considering technical and regulatory aspects), integrity audits in information systems (e.g., databases), etc. Subsequent definition of recommendations to correct identified deficiencies.• Development of training plans on the National Security Scheme (ENS) and GDPR, including designing actions, developing materials, quality indicators, exercises, etc.Main clients: Daimler (Mercedes-Benz Group), Red.es, Junta de Extremadura, Ence, Dafabet, and E.Leclerc. Show less

• Development of evaluations and detailed reports on the cybersecurity maturity level for multiple organizations, considering the main domains that affect information security. Subsequent creation and implementation of action plans to address identified shortcomings.• Development and implementation of GRC Offices to ensure corporate governance in matters of security, risk management, and alignment with current regulatory and compliance aspects.• Definition of reporting… Show more • Development of evaluations and detailed reports on the cybersecurity maturity level for multiple organizations, considering the main domains that affect information security. Subsequent creation and implementation of action plans to address identified shortcomings.• Development and implementation of GRC Offices to ensure corporate governance in matters of security, risk management, and alignment with current regulatory and compliance aspects.• Definition of reporting mechanisms, models, and dashboard design in different organizational areas: internal security, incident management, supplier approval, vulnerability management, etc.• Implementation of cybersecurity training and awareness plans, including the design of actions, development of materials, definition of risk roles, quality indicators, cyber exercises, etc.• Drafting of regulatory frameworks to establish the organization's guidelines in cybersecurity matters and alignment with business needs.Main clients: Banco Santander, Bank of Spain, Liberbank, Iberpay, and Canal de Isabel II. Show less

• Acquisition, processing, and analysis of Cyber Threat Intelligence through open (OSINT) and closed sources, including: vulnerability databases, security websites, dark web, media, social networks, intelligence exchange centers, etc.• Support for various teams within the organization, including incident response teams, vulnerability management leaders, risk analysis, or brand protection, among others.• Monitoring and responding to malicious activities, including fraudulent… Show more • Acquisition, processing, and analysis of Cyber Threat Intelligence through open (OSINT) and closed sources, including: vulnerability databases, security websites, dark web, media, social networks, intelligence exchange centers, etc.• Support for various teams within the organization, including incident response teams, vulnerability management leaders, risk analysis, or brand protection, among others.• Monitoring and responding to malicious activities, including fraudulent domains (phishing), cybersquatting, hacktivist attacks, unauthorized information leaks, fraudulent advertisements, etc.• Development of advanced brand protection reports using Social Media Analytics and Big Data tools.• Development of on-demand intelligence investigations: digital footprint reports, attacks on infrastructure, internal threats in the organization, malicious profiles on social networks, etc.Main clients: Endesa, Banco Santander, Mapfre, Banco Sabadell, and CaixaBank. Show less