Carlos Ortega

Head of GRC and Security

Greater Madrid Metropolitan Area

About

I work as an information security consultant, understanding it as a horizontal process that helps technology adds value to the business. I am particularly comfortable working in collaborative environments where professionals, with different approaches, can contribute their skills in order to create a shared vision to address complex projects. I like to work as a facilitator of change initiatives of customers, which allow them to stay aligned to best practices and changing needs of the industry. EXPERIENCE - Consulting and project management functions across the full lifecycle of service solutions. - Collaboration in Transition & Transformation projects. - Compliance auditing procedures. - Training and awareness programs.

Experience

  • Tymit (Remote Spain)
    • Head of GRC and Security
      Oct 2025 - Present · 10 mos

      Driving security excellence and compliance efficiency in fintech. Focused on transforming reactive operations into proactive, strategically aligned initiatives. Building governance frameworks across technology, product, and operations functions. Key areas: ISMS | Enterprise Risk Management | ISO 27001 | PCI DSS | Security Governance

    • GRC manager
      Dec 2023 - Sep 2025 · 1 yr 10 mos

      Developing a GRC strategy that aligns with the organisation's objectives and helps manage risks effectively, substantially contributing to the Enterprise Risk Management Framework from information security and business continuity perspectives.

  • ENS Lead Auditor (Third-Party Certification Audits) at AUDERTIS Audit Services, S.L.
    Dec 2025 - Present · 8 mos

    Lead and coordinate third-party certification audits under the Spanish National Security Scheme (ENS).

  • Independent Consultant at Change Navigators
    May 2020 - Dec 2024 · 4 yrs 8 mos

  • Logalty (Freelance · 5 yrs 10 mos)
    • Information Security Advisor
      Oct 2022 - Oct 2023 · 1 yr 1 mo

      * Security by Design * Security & Continuity Internal Audit

    • Information Security & Business Continuity Manager
      Jan 2018 - Oct 2022 · 4 yrs 10 mos

  • Information Security Consultant at freelance
    Jan 2018 - Jan 2023 · 5 yrs 1 mo

    Freelance activity as Senior Information Security Consultant at Astrea La Infopista Jurídica SL. Main areas of activity: - Security governance - Information security risk analysis - Trusted Service Providers - Organizational consulting