Cybersecurity — GRC Specialist

Governance, Risk & Compliance Professional

Industrial engineer turned cybersecurity professional with 8+ years of experience in governance, operational compliance, data protection, and security awareness. Specializing in bridging continuous improvement methodologies with regulatory frameworks to build resilient, auditable security programs.

Aguascalientes / Mexico City, MX
8+ Years Experience
7+ Concurrent Audits
92 ISO 27001 Controls
EU‑wide NIS2 Scope

Cybersecurity professional with 8+ years of experience in governance, operational compliance, SOX ITGC support, data protection, DLP, insider threat analysis, ISO 27001, NIS2, and Swift CSCF 2025 alignment. Skilled in process standardization, audit evidence preparation, phishing simulations, multimedia content creation, and LMS operations. Strong ability to translate cybersecurity requirements into structured workflows for cross‑functional teams. Coming from a background in industrial engineering with a relentless focus on continuous improvement, I approach GRC not as a checkbox exercise but as an opportunity to build resilient systems that protect real people and real assets.

// Career Path

Professional Experience

Dec 2024 — Present
IT GRC Specialist
Global Specialty Chemicals Company — Remote
  • Lead the EU‑wide NIS2 Directive compliance project across all European countries of operation
  • Support ISO 27001, NIS2, and Swift CSCF 2025 operational requirements including documentation review and evidence collection
  • Manage 7+ concurrent audits and assessments (penetration tests, investor due diligence, cyber insurance, maturity assessments, ESG cyber audits)
  • Drive the ISO 27001:2022 certification roadmap — 92 applicable controls, addressing 37 non‑conformities
  • Execute phishing simulation campaigns with reporting and retraining via Proofpoint PSAT
  • Develop cybersecurity awareness content using EasyGenerator, PowerPoint, and HeyGen
  • Manage creation, deployment, and reporting of learning modules in SAP SuccessFactors
  • Pioneer AI integration in GRC workflows as part of the company's AI Pilot group — automated 2+ major manual processes in the first 2 weeks
  • Created the "Agile AI-VSM" methodology with 6 templates for scalable AI adoption across departments
  • Rebuilt GRC processes from the ground up after 6 responsible persons departed without proper transition
Jun 2024 — Aug 2024
SOC Engineer
Softtek — Client: Coppel
  • Analyzed malware and suspicious activity using Trellix
  • Validated remediation steps and documented incident actions
Jan 2024 — Jun 2024
Insider Threat Analyst
Softtek — Client: GE Healthcare
  • Investigated alerts (USB, email, cloud) using Splunk and Securonix
  • Classified events based on behavioral indicators; escalated high‑risk cases
Apr 2023 — Dec 2023
Project Manager, GRC Office
Softtek — Client: GE Corporate
  • Coordinated access remediation during GE corporate separation
  • Created structured weekly reports with progress and blockers
  • Consolidated ownership mapping for applications, servers, and databases
Jun 2022 — Dec 2023
Program Manager, GRC Office
Softtek — Client: GE Corporate
  • Tracked GRC initiatives including IAM, remediation, and SOX support
  • Created dashboards, templates, and workbooks for documentation consistency
  • Standardized documentation practices across teams
Oct 2021 — Jun 2022
IAM Analyst
Softtek — Client: GE Corporate
  • Analyzed non‑compliant Windows/Unix local accounts for SOX ITGC requirements
  • Coordinated remediation and documented operational procedures
  • Supported integration of accounts into credential management solutions
Aug 2016 — Jan 2021
DLP Analyst
Softtek — Client: GE Power
  • Reviewed DLP alerts for offboarding employees to identify potential data leakage
  • Classified alerts by intent and escalated high‑risk cases
  • Supported workflow coordination and small automation improvements
2019 — 2020
Educator
Cecytea
  • Taught English, Physics, and industrial tools to high school students
// Key Initiatives

Featured Projects

🇪🇺
NIS2 Directive Compliance
Leading EU‑wide implementation of NIS2 compliance across all European countries of operation. Coordinating cross‑country regulatory alignment, gap assessments, and remediation planning for a global organization.
NIS2 · EU Regulation · Multi-Country
🏗️
ISO 27001:2022 Certification
Driving the roadmap toward ISO 27001:2022 certification. Managing 92 applicable controls across 4 domains, addressing 37 non‑conformities (17 major). Physical domain near target (2.93/4.0); Organizational domain most critical (1.81/4.0).
ISO 27001 · 92 Controls · Maturity 2.25
🤖
Agile AI-VSM Methodology
Created the "Agile AI Value Stream Mapping" methodology — a Scrum‑based framework to integrate AI into business processes. Developed 6 operational templates (Charter, Backlog Board, Pattern Library, Sprint Canvas, Close‑out, Tracker).
AI-VSM · Scrum · 6 Templates
📊
Phishing Metrics Dashboard
Building a PowerBI executive dashboard integrating security awareness platform data with Power Queries, DAX formulas, and API pagination. Visualizing phishing simulation metrics, click rates, and awareness trends.
PowerBI · Proofpoint · DAX
🛡️
SME Cybersecurity Consultancy
Independent project focused on providing cybersecurity awareness training and phishing simulations to Small and Medium Enterprises. Packaging enterprise‑grade expertise into accessible, actionable consultancy models for SMEs.
Consulting · Awareness · SME
GRC Process Automation
Automated 2+ major manual GRC processes in the first 2 weeks using AI. Pioneering AI adoption within the organization's Pilot group, demonstrating scalable integration patterns applicable across departments.
AI · Automation · Pilot Group
// Competencies

Skills & Expertise

GRC & Compliance
ISO 27001:2022
NIS2 Directive
SOX ITGC
Swift CSCF 2025
Audit Management
Data Protection / DLP
Risk Assessment
Tools & Platforms
Proofpoint / TAP / PSAT
SharePoint / M365
Splunk
Digital Guardian / Trellix
SAP SuccessFactors LMS
PowerBI / DAX / Power Query
EasyGenerator / HeyGen
Methodology & Soft Skills
Lean / VSM
Scrum / Agile
Process Automation
Continuous Improvement
AI Integration
Bilingual EN/ES Communication
Stakeholder Translation
// Education & Certifications

Academic Background

🎓
M.Sc. in Cybersecurity
CEUPE European Business School — Madrid, Spain
Completed. Degree awarded through academic excellence (GPA above distinction threshold).
🏭
B.Sc. in Industrial Engineering
Tecnológico de Aguascalientes — Mexico
2010 – 2015
📋
Certifications In Progress
TÜV NORD — Internal Auditor ISO/IEC 27001
TÜV NORD — Internal Auditor ISO 22301 · CISSP — Target H1 2026
🌐
Languages
Spanish — Native · English — Advanced
Bilingual professional communication in both business contexts
// Innovation

Agile AI-VSM Methodology

A Scrum‑based framework to identify, prioritize, and implement AI augmentation across business workflows. Designed to be repeatable and scalable across departments — adapting Value Stream Mapping principles to cognitive knowledge work. Each sprint delivers one working AI-augmented process in two weeks, not a plan to eventually deliver one.

0. Foundation
Define scoring criteria, build Pattern Library, align with leadership. One-time setup.
1. Discover
Pick highest‑pain process using 5 trigger questions. Quick-map in 30 min.
2. Score
Rate AI Feasibility × Business Impact. Classify into reusable patterns.
3. Build
Design the AI solution: prompt, skill, or workflow. Test with real data.
4. Demo
Measure before/after. Demo to stakeholders. Adopt or iterate.
// Beyond the Terminal

Personal Interests

🎧
Hi-Fi Audio
Fine-tuning a high-fidelity setup — Tidal via Questyle M15C DAC and Sennheiser HD 400S
🔮
Philosophy
Exploring the deeper mechanics of systems like Alchemy and Kabbalah
🚀
Sci-Fi
Watching high-concept science fiction that challenges perception
Deportivo Toluca
Because even in a zero-trust architecture, you still have to trust the process

"The goal is never just to check a compliance box; it is to build resilient systems that protect real people and real assets."