Welcome to Lander's freelance profile!
This freelancer has confirmed part-time availability (2 days per week) in the past 7 days.
Part-time, 2 days per week
Location and workplace preferences
- Location
- Bilbao, España
- Can work onsite in your office in
-
- around Bilbao and 50km
- Around Madrid and 10km
- Around Barcelona and 10km
- Around La Coruña and 10km
- Around Málaga and 10km
Preferences
- Project length
-
≤ 1 month
- Business sector
-
- Aviation & Aerospace
- Digital & IT
- Automobile
- Banking & Insurance
- Biotech
+46 other
Verifications
Freelancer code of conduct signed
Read the Malt code of conduct
Languages
-
English
Native or bilingual
-
Spanish
Native or bilingual
Categories
Skills (21)
- Security
-
-
-
-
- All
-
-
-
-
Lander in a few words
Mi principal función es la de arquitecto de seguridad con grandes conocimientos del mundo Cloud y SecDevOps. Especialista en definición de arquitecturas y procesos de seguridad para entornos híbridos cloud/onprem.
Adicionalmente realizo trabajos de consultoría relacionados con normativa de seguridad como ISO27001, NIST 800-53, ISAE 3402 SOC2 , Esquema Nacional de Seguridad y demás. Así como definición de planes estratégicos de seguridad.
Tengo conocimientos a nivel de tecnología en los siguientes dominios:
- Cloud Security (Microsoft Defender, Defender for Cloud, Azure Sentinel, Azure ATP, Azure Policies, Azure AD, O365...)
- Secure Networking (NAC Forescout, Netskope CASB, Zscaler Proxy Cloud)
- Malware, (Symantec, McAfee ePO and Trendmicro)
- Data Protection (IBM Guardium, AIP, MIP, IRM, MS DLP)
- Others (Splunk, Archer GRC,..)
Experience
Iberdrola - Iberdrola
Energy & Utilities
IT Security Evolution & Cloud Cybersecurity Architect
- Cloud Security and Data Protection expert
- Cloud Cybersecurity Architect
Universitat Oberta de Catalunya
Profesor colaborador - Master Ciberseguridad y Privacidad
Altamira Asset Management
Global CISO
- Security Incident Management & SOC Management
- Vulnerability Management & Ethical Hacking
- S-SDLC
- IT Risk Management & Risk analysis
- Ethical Hacking
- BCP
- IAM
- Tools Management (NAC, Proxy, O365, SIEM, FW...)
- Cloud security
Sabadell Information Systems
IT Security & Compliance Manager
- Responsible for the IT internal control framework execution of the different branches and countries
- Logical Security, Big Data Securization, Cloud Securization, Communications, Physical Security, Mobile environments...
- Cyber plan & roadmap management.
- Critical infrastructures
- ISAE 3402 Subject-matter expert
- Reporting over the compliance of PCI-DSS & PCI PIN, SCIIF, MiFID, SecurePay...
- Involved in multiple cyber security projects
EY - EY France
Banking & Insurance
Manager - IT Risk & Assurance in Financial Services
- Definition of a Cyber Security framework based on ECB, NIST, COBIT, FFIEC and ISO 27001 requirements. .
- Definition of the Technological Risk Management Framework and Fraud framework based on ISO 31000, NIST 800-30, COSO and COBIT.
- Cyber Assessments (DLP, NAC, firewalls, IDM, MDM...)
- Definition and audit ISAE 3402 SOC1 and SOC2 reports.
- Design of vendor technological risk assessment methodologies. External and internal benchmarks of the results.
- SOx audits.
- Projects related to the Spanish protection data law LOPD.
- IT Risk audits
- Data assurance using CAATs
- Definition of policies and procedures for performing technological audits i.e: Architecture, SDLC process, technological obsolescence, data quality, hardening, applications security...
- Audit and implementation of security measures for Money Laundering
- Security and segregation of duties (SoD) audit reviews
- Develop UATs for a banking application, daily monitoring of the incidences and reporting to PM
- Certified the correct implementation of the functionality in an application
- Surveys on the service level of vendors Sydney Office International secondment through the Business Mobility Program of EY for talents from September 2013 to October 2014
- Develop a Business Continuity Management, BIA, Risk Assessment, BCP and a Disaster Recovery Plan using ISO 22301 standard
- GS 007 Reports. Third party service organisations
- SSAE 16, Reporting on Controls at a Service Organization
- Project management, UAT and Issue management
- Data migration based in controls MANAGEMENT SKILLS
- Management of teams between 2 to 6 people.
- Ability to manage cross-functional teams and multi-disciplinary projects.
- Definition of proposals to clients, budgeting, cost management and resource planning.
- Design and innovation of new services. Deep experience in international engagements (Luxemburg, UK, USA, Australia and Brasil)
EY - EY France
Senior Consultant
DELOITTE - Deloitte Organisation
IT Consultant - Enterprise Risk Services
- Audit of General Meeting of Shareholders
- SOx audit at Products&Services companies.
- Business processes reviews including finance, revenue, expenditure, inventory and payroll.
- Internal Control and Risk Analysis.
- Identity and Access Management.
- Fraud audit based on SAS99 AICPA's statement.
- Data testing using data mining and Computer Assisted Auditing Techniques tools.
Are you sure? Your recommendation will be permanently deleted
Education
-
Postgraduate Master on Information Security, Computer sciences
Universidad de Deusto
2011 Postgraduate Master on Information Security, Computer sciences
-
Computer Science Engineering, Computer Sciences
Universidad de Deusto
2010 Computer Science Engineering, Computer Sciences
-
Computer Science Engineering, Computer Sciences
Česká zemědělská univerzita v Praze
2010 Computer Science Engineering, Computer Sciences