Fabrizio Di Carlo

Chief Information Security Officer

€926/day
Madrid, ES
8-15 years

Average response time: 1 hour

About Fabrizio

I help organizations turn cybersecurity from a compliance burden into a business advantage.

As the Managing Director of ContrailRisks, a boutique cybersecurity and risk advisory firm based in Germany, I specialize in helping companies build clarity, direction, and resilience in their security strategy. My work bridges the gap between compliance frameworks and real-world implementation — ensuring that security programs are not only audit-ready but truly risk-informed and business-aligned.

I’ve spent over a decade working at the intersection of cybersecurity, risk management, and regulatory compliance across financial services, critical infrastructure, and technology sectors. Whether supporting a fintech with DORA or ISO 27001, a SaaS startup pursuing SOC 2, or a multinational improving governance and resilience, I bring a strategic yet pragmatic approach that prioritizes measurable outcomes and stakeholder confidence.

What I bring to the table:
  • Deep expertise in frameworks such as ISO 27001, ISO 42001, NIS2, DORA, SCF, and CMMC.
  • Proven track record designing and implementing security programs, risk registers, and GRC architectures.
  • Hands-on experience as a vCISO, helping organizations scale secure operations, governance, and culture.
  • Strong communication and executive alignment skills, translating technical risk into board-level clarity.
Typical projects:
  • vCISO engagements and cyber resilience assessments
  • ISO 27001 implementation and certification readiness
  • DORA, NIS2, and regulatory gap analysis
  • Security policy and control library design
  • Risk assessment, third-party risk, and incident response planning

My approach is simple: security should enable growth, not slow it down. I work as a trusted partner, not just a consultant, to help clients stay in control, compliant, and resilient in an evolving threat and regulatory landscape.


  • English

    Native or bilingual

  • Italian

    Native or bilingual

  • Spanish

    Basic

Can work on-site
Madrid (up to 50km)

Experience

  • Cyber Monks GmbH
    Chief Information Security Officer
    DIGITAL AND IT
    September 2023 - March 2026 (2 years and 6 months)
    Frankfurt, HE, Germany
    Served as the first CISO, establishing the security vision and enterprise-wide program for a cloud-native, product-led SaaS. Elevated customer trust to accelerate revenue growth by enabling sales, marketing, and customer success teams. Defined strategic security priorities and represented the company externally as a thought leader. Drove modernization through DevSecOps adoption, embedding governance and security controls into CI/CD pipelines and Azure cloud infrastructure.
    Security Leadership Cloud IAM IT-Security
  • ContrailRisks
    Managing Director
    CONSULTING AND AUDITS
    November 2024 - Today (1 year and 7 months)
    Frankfurt, Germany
    • Founded and lead a cybersecurity advisory firm focused on virtual CISO services for financial, SaaS, and critical infrastructure clients.
    • Advise executive teams on cyber risk, regulatory compliance (DORA, NIS2, ISO 27001), and incident preparedness.
    • Built and executed security programs from scratch, driving measurable maturity improvements.
    • Delivered tailored risk assessments, policies, and cloud security guidance (AWS, Azure).
    • Scaled the business through client acquisition, partnerships (Vanta, AWS, etc.), and a network of senior consultants.
    Cybersecurity IT-Security Security Leadership
  • Avanade
    Group Manager
    January 2023 - November 2024 (1 year and 10 months)
    Frankfurt, HE, Germany
    • Oversaw a team of IAM and PAM consultants and specialists, ensuring high-quality delivery across multiple client engagements.
    • Led both advisory and hands-on delivery of IAM/PAM solutions, aligning security and business priorities with Microsoft and partner technologies.
    • Developed and scaled practice-wide IAM strategies, frameworks, and capability-building initiatives across regions.
    • Managed executive-level client relationships, advising CxOs on security, identity governance, and Zero Trust adoption.
    • Drove growth of Avanade's IAM offerings through presales, RFPs, and thought leadership, contributing to pipeline expansion.
    • Aligned IAM initiatives with broader cybersecurity, compliance, and digital transformation programs to maximize client value.
    • Recognized twice with the "Inspire Greatness" award for delivering high-impact cloud security training (AZ-900) to cross-European teams.

Education

  • CLI/ISC2 Cyber Leadership Program
    Cyber Leadership Institute
    2025
  • INSEAD
    2024

Skill set

Categories