Alejandro González Ostos

Supermalter

Cybersecurity | ISO 27001 | NIS2 | SOC | vCISO

€467/day
4 projects
Granada, ES
8-15 years

Average response time: 4 hours

About Alejandro

I help regulated organizations reduce security risk and demonstrate compliance — through rigorous auditing, governance frameworks, and strategic advisory.

With over a decade of experience in cybersecurity and GRC, I specialize in ISO 27001 implementations and internal audits, NIS2 readiness assessments, and Fractional CISO engagements for startups and SMEs operating in regulated sectors such as healthcare, fintech, and SaaS.

My background combines technical depth with regulatory expertise across ISO 27001, NIS2, SOC 2, ENS, GDPR, and DORA — enabling me to bridge the gap between security operations and board-level governance.

I work as an independent advisor and lead auditor, delivering structured, audit-ready outputs: gap analyses, risk treatment plans, compliance roadmaps, and executive reporting. Engagements are designed to be actionable from day one, with clear milestones and defensible documentation.

What I typically work on:

— ISO 27001 internal audits, readiness assessments, and certification support

— NIS2 gap assessments and governance roadmaps for essential and important entities

— SOC 2 readiness advisory for SaaS and cloud-native companies

— Fractional vCISO services: security strategy, risk governance, and board reporting

— Human risk programs and security awareness for regulated environments

Sectors: Healthcare · Fintech · SaaS · Pharma · Public Sector

Languages: Spanish (native) · English (C1) · German (B1)
  • Spanish

    Native or bilingual

  • English

    Fluent

  • German

    Conversational

Can work on-site
Granada (up to 50km), Madrid (up to 50km), Málaga (up to 50km)

Experience

  • Red de Mentores de Madrid Emprende
    | Cybersecurity & Governance Advisor
    TELECOMMUNICATIONS
    January 2026 - Today (6 months)
    Granada, Spain
    Mentor and advisor within the Madrid Emprende startup ecosystem, supporting founders, SMEs and scale-ups in cybersecurity, governance, risk management and regulatory compliance.

    Advising organizations on ISO 27001, NIS2, GDPR, SOC 2 readiness, cybersecurity strategy, operational resilience and information security governance. Helping teams identify risks, improve cyber maturity, strengthen compliance programs and build scalable security frameworks aligned with business objectives.

    Areas of focus include cybersecurity assessments, gap assessments, internal audit readiness, risk management, third-party risk, security awareness, governance, risk and compliance (GRC), and fractional CISO advisory for regulated and high-growth environments.
    NIS2 ISO 22301 ISO 27001 Lead Implementer
  • Accurate Global INC
    SOC 2 Auditor / Readiness Consultant
    TELECOMMUNICATIONS
    February 2024 - Today (2 years and 5 months)
    Granada, Spain
    SOC 2 Readiness Consultant focused on SaaS companies and regulated environments preparing for Type I and Type II audits.
    I help organizations build compliance programs that hold up under external audit — not by papering over gaps, but by connecting controls, risk, operations, and evidence into structures that are traceable, defensible, and aligned with how the business actually runs.
    Core areas of work:
    — Security maturity and risk assessments

    — SOC 2 Trust Services Criteria control design

    — Type I / Type II readiness programs

    — Internal audit and audit simulation support

    — Evidence architecture and operational compliance (ISO 27001, NIS2)

    — Executive reporting: KPIs, KRIs, and governance visibility
    Typical outcomes: audit-ready evidence structures, controls aligned with real operations, reduced friction during external reviews, and compliance programs built to scale.
    Audits Cybersecurity Incident Management GRC (Governance, Risk and Compliance) Data Privacy (GDPR, CCPA) SOC2
  • Senior Consultant in ISO 27001, NIS2, SOC 2 & Human Risk
    Founder
    TECH
    January 2024 - Today (2 years and 6 months)
    Spain
    Senior Cybersecurity & GRC Consultant specialized in helping regulated organizations across healthcare, SaaS, fintech and public sector environments achieve an audit-ready state for ISO 27001, SOC 2, NIS2, ENS and information security compliance programmes.

    I help organizations design, implement and operationalize Information Security Management Systems (ISMS), governance frameworks, risk management programmes and compliance initiatives that connect risk, controls, operations and evidence in a measurable, auditable and business-aligned manner.

    My focus is not producing documentation for compliance purposes alone. My work is centred on transforming cybersecurity, governance and compliance into operational capabilities that withstand audits, customer due diligence, procurement reviews and regulatory assessments.

    Core expertise:

    • ISO 27001 implementation, ISMS operationalization and internal audits
    • SOC 2 Readiness (Type I & Type II)
    • NIS2 and ENS readiness programmes
    • Governance, Risk & Compliance (GRC)
    • Cybersecurity risk assessments and treatment plans
    • Audit readiness and evidence architecture
    • Information security governance
    • Executive reporting, KPIs and KRIs
    • Fractional vCISO services
    • Third-party and supplier risk management
    • Security awareness and human risk governance

    Typical outcomes:

    • Reduced audit findings and compliance gaps
    • Improved cybersecurity maturity
    • Stronger governance and risk management
    • Traceable and defensible audit evidence
    • Scalable and sustainable security programmes

    Services:

    • ISO 27001 Readiness Assessments
    • Internal Audit Programmes
    • SOC 2 Readiness Support
    • NIS2 Gap Assessments
    • ENS Readiness Reviews
    • Fractional vCISO Services
    • GRC Advisory & Governance Programmes
    Phishing Cybersecurity Audits Social Engineering Security Awareness

Reviews

5.0

Out of 1 rating

Miguel Bamio Martínez

Reviewed on 06/11/2025

Alejandro was collaborative from the start, trying to find the best way to approach the project within the possibilities available to us, always open to listening to my concerns and redirecting the way of working if necessary, and acting professionally at all times.

Recommendations

Hernan Cordova and 2 other people have recommended Alejandro

Education

  • Cisco Certified Support Technician – CCST Cybersecurity
    Cisco Networking Academy
    2025
    Network Security · Threat Detection · Traffic Analysis · Cybersecurity Fundamentals · Incident Response Basics
  • Cybersecurity expert
    The Valley Digital Business School
    2023
    Ethical Hacking · ISO 27001 · PowerShell · Bash · Phishing · Technical audit

Skill set

Categories