Madrid, Community of Madrid, Spain
Senior Cybersecurity Leader with 14+ years of experience delivering IT Security Assessments, Penetration Testing, Vulnerability Management, and Red Team Operations for multinational organizations in the energy and technology sectors. Proven track record managing the full security assessment lifecycle — from scoping and planning to execution, reporting, remediation tracking, and closure — across IT, OT, and cloud environments (AWS, Azure). Adept at aligning cybersecurity strategies with business goals, reducing remediation times, and improving compliance with ISO 27001, NIST, and CIS Controls. Skilled in vendor management, budget oversight, and multinational stakeholder engagement. Experienced in leading cross-functional and geographically dispersed teams in Europe, USA, and Latin America. Strong technical background in ethical hacking, industrial control systems (ICS/SCADA) security, and cloud security. Specialties: IT Security Assessments | Pentesting | Vulnerability Assessment | Red Team | Risk Management | Incident Response | Cloud Security | IT/OT Security | Vendor & Budget Management | ISO 27001 | NIST | CIS Controls.
Responsible for defining, implementing, and overseeing the cybersecurity governance, data protection, and compliance framework across ICT Iberia, ensuring alignment with Enel Group policies and regulatory requirements (GDPR, ENS, NIS2). Key responsibilities include:
- Leading the cybersecurity governance and compliance model for a large-scale IT/OT perimeter, covering over 560 applications and 445 industrial (OT) installations, ensuring the effective implementation of corporate security controls and policies.
- Acting as Cyber Security Response Referent, coordinating incident management and response activities in close collaboration with CERT Enel and global stakeholders.
- Overseeing technology risk management processes (BIA, Risk Assessment, DPIA), ensuring risk-based decision-making throughout the entire lifecycle of IT and OT systems.
- Driving Security by Design, ethical hacking, resilience (High Availability & Disaster Recovery), and continuous improvement of the information security management framework.
- Ensuring regulatory and corporate compliance (GDPR, IT Control System, Cyber Security Framework), and coordinating with audit, risk, and information security governance bodies.
- Acting as a key interface between business units, ICT, and global functions, enabling the adoption of cybersecurity capabilities across digital and industrial environments.
- Leading a specialized team in governance, data protection, cybersecurity, and compliance, fostering expertise, accountability, and operational efficiency.
- Lead IT/OT security assessments for 65 power plants (8.2 GW) and 35 cloud-based applications (AWS, Azure) in USA & Canada.
- Manage full security assessment lifecycle: planning, execution, reporting, remediation tracking, and closure.
- Oversee pentesting and vulnerability assessment programs aligned with ISO 27001, NIST, and CIS Controls.
- Coordinate vendor management and budgets >$1 million annually.
- Achieved 45% reduction in remediation time, improving overall security posture.
- Designed and implemented digital solutions addressing critical business challenges.
- Supervised $10M budget and 12-member team delivering secure IT/OT automation solutions.
- Spearheaded adoption and change management initiatives, ensuring seamless integration of solutions across regions.
- Implemented secure-by-design principles and drove change management.
- Conducted in-depth cybersecurity assessments for processes, applications, and infrastructure.
- Coordinated emergency response plans and mitigation strategies, enhancing resilience.
- Directed global Red Team and pentesting engagements in IT/OT environments to identify and mitigate cyber risks.
- Managed end-to-end engagements from scoping to remediation.
- Executed technical audits, including ethical hacking, penetration testing, and vulnerability assessments.
- Developed group-wide cybersecurity policies in collaboration with IT leadership.
- Led audits of IT/Cloud, telecommunications, and fraud risk operations for Enel Chile and Enel Americas.
- Advised board members on strategic risk mitigation measures.