Jun 2023 – Sep 2025 · 2 yrs 3 mos · London, England, United Kingdom

• Acting as the primary responsible for first line of defense functions, I led PMI’s global cybersecurity program and BAU services across R&D and Operations business units (covering Product Innovation, Product Engineering, Quality Regulatory Affairs, Manufacturing Engineering Services, Manufacturing Solutions and Services, Supply Chain and Track & Trace Solutions).
• I was responsible of the planning, orchestration and delivery of a global Industrial/ OT cybersecurity program across all PMI factories, in alignment with ISA/IEC 62443 series of standards.
• I was also in charge of designing and executing the cybersecurity program for Product to fortify “Device to Cloud” defense for smoke-free portfolio, which includes heated tobacco (IQOS), e-vapor, and oral smokeless products.
• My role, also acting as the global BISO and working closely with the CISO, was to bridge the gap between security and business interests, contributing to security awareness and overseeing the strategy implementation across all areas of the business units. As the cybersecurity champion for the business, my responsibilities covered a wide range of activities (from project to BAU), including defining and prioritizing risk treatment strategy, developing capabilities across the cybersecurity value chain, orchestrating the execution of risk treatment activities, and embedding “security by design” across processes and technologies.

Aug 2021 – Jun 2023 · 1 yr 10 mos · London, England, United Kingdom

• Built and led the Digital Trust and Cybersecurity research practice. I successful managed to setup a global research team and delivered a wide range of initiatives for global service providers and enterprise clients.
• I don’t look at cybersecurity as a tech-only puzzle. My research agenda gravitates around two domains, augmentation and protection, and focuses on six core thematic research pillars: the remit and goals of the CISO in the hyperconnected world, reducing the IT risk and security skill gap, augmenting IT and security functions (across the 3 lines of defense) with intelligent solutions, trusting the cloud security environment, managing identity and access risks, and responding to modern security threats.
• My custom research projects allowed me to work very closely with cybersecurity executives in Global 2000 enterprises. The goal of such projects was to provide data-driven analysis and strategic recommendations in areas such as ransomware, zero trust, digital identity, next generation SOC, cyber risk quantification, cloud security, Security-as-a-Service (SECaaS) models, GRC, Cyber Ranges, and security automation and orchestration.

Sep 2020 – Aug 2021 · 11 mos

• I was part of the Core Tech Strategy & Transformation Leadership Team in the capacity of Senior Director. Working closely with the CISO leadership team, my key objective was to build/design/operate a new global Cybersecurity and Control Governance function aimed at managing and governing cybersecurity risks across GSK corporate and business-unit specific areas.
• Led the design, build and deployment of a global environment to manage privileged access across IT and OT environments (supported by CyberArk, SailPoint, Splunk and Imperva solutions).
• Led the deployment of new breed of managed security services (looking beyond cybersecurity-centric services, delivered through traditional MSSP models, and deploying a more evolutionary model that unifies cybersecurity and compliance “by design”).
• Designed the Cybersecurity Target Operating Architecture and Model for Haleon, the new consumer healthcare company.
• Led the global Security Governance program with an “automation-first” mindset. I managed the deployment of advanced automation and monitoring mechanisms via different technological enablers (dedicated off-the-shelf solutions, custom build engine, RPA, Intelligent Automation, ML) to continuously monitor and measure the operating effectiveness of existing risks and controls.

Oct 2019 – Aug 2020 · 10 mos

Jan 2017 – Sep 2019 · 2 yrs 8 mos

• My role was to setup a global GRC function to manage risks and controls governing the most critical processes supported by global applications at GSK (such as the global ERP system, SAP, that supports all core operations from manufacturing to finance). My initial goal was to support the deployment of security framework across all regions and implement a “GRC by design” template to ensure risk and compliance standardization across global and BU-specific IT and Business functions.
• I have also led the design and deployment of one of the largest global Intelligent Automation programs across all GSK Business Units (including the implementation of a global Automation Centre of Excellence and enablement of regional scalable Automation Deliver Hubs).

Jul 2013 – Sep 2016 · 3 yrs 2 mos · London, England, United Kingdom

Apr 2010 – Jun 2013 · 3 yrs 2 mos · London, England, United Kingdom

Sep 2006 – Mar 2010 · 3 yrs 6 mos · Madrid, Community of Madrid, Spain

Apr 2005 – Aug 2006 · 1 yr 4 mos · Madrid, Community of Madrid, Spain