Browse profiles Post a project
Malt welcom

Welcome to Lander's freelance profile!

Malt gives you access to the best freelancers for your projects. Contact Lander to discuss your project or search for other freelancer profiles on Malt.

Lander Abasolo

Experto en Ciberserguridad

Can work in or around Bilbao, Madrid, Barcelona, La Coruña, Málaga

  • 43.2535
  • -2.93693
  • Suggested rate €600 / day
  • Experience 7+ years
  • Response rate 100%
  • Response time 1 hour
Propose a project The project will begin once you accept Lander's quote.

This freelancer has confirmed part-time availability (2 days per week) in the past 7 days.

Part-time, 2 days per week

Propose a project The project will begin once you accept Lander's quote.

Location and workplace preferences

Bilbao, España
Can work onsite in your office in
  • around Bilbao and 50km
  • Around Madrid and 10km
  • Around Barcelona and 10km
  • Around La Coruña and 10km
  • Around Málaga and 10km


Project length
≤ 1 month
Business sector
  • Aviation & Aerospace
  • Digital & IT
  • Automobile
  • Banking & Insurance
  • Biotech
+46 other


Freelancer code of conduct signed
Read the Malt code of conduct

Verified email


  • English

    Native or bilingual

  • Spanish

    Native or bilingual


Skills (21)

Lander in a few words

Experto en Ciberseguridad.

Mi principal función es la de arquitecto de seguridad con grandes conocimientos del mundo Cloud y SecDevOps. Especialista en definición de arquitecturas y procesos de seguridad para entornos híbridos cloud/onprem.

Adicionalmente realizo trabajos de consultoría relacionados con normativa de seguridad como ISO27001, NIST 800-53, ISAE 3402 SOC2 , Esquema Nacional de Seguridad y demás. Así como definición de planes estratégicos de seguridad.

Tengo conocimientos a nivel de tecnología en los siguientes dominios:
- Cloud Security (Microsoft Defender, Defender for Cloud, Azure Sentinel, Azure ATP, Azure Policies, Azure AD, O365...)
- Secure Networking (NAC Forescout, Netskope CASB, Zscaler Proxy Cloud)
- Malware, (Symantec, McAfee ePO and Trendmicro)
- Data Protection (IBM Guardium, AIP, MIP, IRM, MS DLP)
- Others (Splunk, Archer GRC,..)


Iberdrola - Iberdrola

Energy & Utilities

IT Security Evolution & Cloud Cybersecurity Architect

Bilbao, Biscay, Spain

April 2019 - March 2022 (2 years and 11 months)

- Definition of the long-short term Cybersecurity Roadmap of the company
- Cloud Security and Data Protection expert
- Cloud Cybersecurity Architect

Universitat Oberta de Catalunya

Profesor colaborador - Master Ciberseguridad y Privacidad

September 2019 - Today (2 years and 7 months)

Profesor de Fundamentos de Ciberseguridad

Altamira Asset Management

Global CISO

Madrid, Spain

April 2018 - March 2019 (11 months)

Responsible for designing and implementing the security policies across Spain, Portugal, Cyprus and Greece. Main tasks:
- Security Incident Management & SOC Management
- Vulnerability Management & Ethical Hacking
- IT Risk Management & Risk analysis
- Ethical Hacking
- Tools Management (NAC, Proxy, O365, SIEM, FW...)
- Cloud security

Sabadell Information Systems

IT Security & Compliance Manager

Madrid, Spain

May 2016 - April 2018 (1 year and 11 months)

- Responsible for the IT internal control framework execution of the different branches and countries
- Logical Security, Big Data Securization, Cloud Securization, Communications, Physical Security, Mobile environments...
- Cyber plan & roadmap management.
- Critical infrastructures
- ISAE 3402 Subject-matter expert
- Reporting over the compliance of PCI-DSS & PCI PIN, SCIIF, MiFID, SecurePay...
- Involved in multiple cyber security projects

EY - EY France

Banking & Insurance

Manager - IT Risk & Assurance in Financial Services

Madrid, Spain

September 2011 - May 2016 (4 years and 8 months)

- Definition of a Cyber Security framework based on ECB, NIST, COBIT, FFIEC and ISO 27001 requirements. .
- Definition of the Technological Risk Management Framework and Fraud framework based on ISO 31000, NIST 800-30, COSO and COBIT.
- Cyber Assessments (DLP, NAC, firewalls, IDM, MDM...)
- Definition and audit ISAE 3402 SOC1 and SOC2 reports.
- Design of vendor technological risk assessment methodologies. External and internal benchmarks of the results.
- SOx audits.
- Projects related to the Spanish protection data law LOPD.
- IT Risk audits
- Data assurance using CAATs
- Definition of policies and procedures for performing technological audits i.e: Architecture, SDLC process, technological obsolescence, data quality, hardening, applications security...
- Audit and implementation of security measures for Money Laundering
- Security and segregation of duties (SoD) audit reviews
- Develop UATs for a banking application, daily monitoring of the incidences and reporting to PM
- Certified the correct implementation of the functionality in an application
- Surveys on the service level of vendors Sydney Office International secondment through the Business Mobility Program of EY for talents from September 2013 to October 2014
- Develop a Business Continuity Management, BIA, Risk Assessment, BCP and a Disaster Recovery Plan using ISO 22301 standard
- GS 007 Reports. Third party service organisations
- SSAE 16, Reporting on Controls at a Service Organization
- Project management, UAT and Issue management
- Data migration based in controls MANAGEMENT SKILLS
- Management of teams between 2 to 6 people.
- Ability to manage cross-functional teams and multi-disciplinary projects.
- Definition of proposals to clients, budgeting, cost management and resource planning.
- Design and innovation of new services. Deep experience in international engagements (Luxemburg, UK, USA, Australia and Brasil)

EY - EY France

Senior Consultant

Sydney NSW, Australia

September 2013 - August 2014 (11 months)

DELOITTE - Deloitte Organisation

IT Consultant - Enterprise Risk Services

October 2010 - September 2011 (11 months)

- Audit of General Meeting of Shareholders
- SOx audit at Products&Services companies.
- Business processes reviews including finance, revenue, expenditure, inventory and payroll.
- Internal Control and Risk Analysis.
- Identity and Access Management.
- Fraud audit based on SAS99 AICPA's statement.
- Data testing using data mining and Computer Assisted Auditing Techniques tools.