Fabio Genovese
@fabiogenovese
Fractional CISO delivering ISO 27001, SOC 2, GDPR, and resilient incident response for regulated orgs.
What I'm looking for
I’m a security leader and fractional CISO with 14+ years across fintech SaaS, Industrial IoT, telecom SOC, and regulated EU environments. I bring hands-on ownership of ISO 27001, SOC 2, GDPR, and NIS2/CRA readiness, with a strong focus on incident response, third-party risk, and clear executive reporting.
I’ve led ISO 27001 implementations for SaaS and Industrial IoT environments, translating requirements into pragmatic controls that teams can actually run. I also guided a fintech SaaS company through SOC 2 Type II with no major findings, strengthening governance without slowing delivery.
For payment and document-exchange SaaS used by 30+ EU financial institutions, I directed end-to-end security—from building incident-response playbooks and 24×7 on-call rotations to improving MTTD/MTTR by 55%. I further accelerated vendor risk cycles by introducing a vendor-risk methodology and SLA language, reducing assessments from four weeks to ten days.
In my current advisory role, I help European SMEs, SaaS companies, fintechs, ISPs, and regulated technology businesses build security operating models, risk registers, evidence frameworks, KPIs, and security roadmaps—even when internal capacity is limited. I also oversee technical initiatives like SIEM/SOC design, vulnerability management, endpoint and cloud security baselines, and incident response workflows.
Experience
Work history, roles, and key accomplishments
Fractional CISO
Blue Networks S.R.L.
Apr 2026 - Present (3 months)
Lead fractional CISO and security advisory engagements for European SMEs, SaaS companies, fintechs, ISPs, and regulated technology businesses. Advise executives on ISO 27001, SOC 2 readiness, NIS2/DORA/GDPR/CRA, third-party risk, incident response, and security operating model design.
Group Information Security Manager
Vercore Group - Proemion GmbH
Jan 2025 - Apr 2026 (1 year 3 months)
Led ISO/IEC 27001:2022 implementation through audit readiness, including Stage 1 and Stage 2 preparation. Reported quarterly to the CEO on risk posture, audit readiness, security KPIs, corrective actions, and material third-party risks, translating ISO requirements into practical controls for connected devices, firmware, AWS-based infrastructure, and SaaS services.
Head of InfoSec & DPO
Digital Vault Services GmbH
Apr 2021 - Dec 2024 (3 years 8 months)
Directed a fully remote security program for a payment and document-exchange SaaS used by 30+ EU financial institutions. Achieved ISO 27001 certification and guided the company through its first SOC 2 Type II audit with no major findings, including improving MTTD/MTTR by 55% via incident response playbooks and 24x7 on-call.
Security Operations Manager
Silensec Ltd
Jul 2019 - Apr 2021 (1 year 9 months)
Managed SOC services for MSP clients across healthcare, logistics, and fintech with varying compliance requirements (ISO 27001, HIPAA, PCI DSS). Led root-cause investigations for ransomware and insider-threat incidents and delivered virtual-CISO retainers including risk registers, policy frameworks, tabletop exercises, and executive briefings.
GDPR Data Protection Officer
Freelance
Jan 2017 - Jun 2019 (2 years 5 months)
Advised 20+ SMEs on GDPR readiness, DPIAs, and cross-border data flow controls, including security awareness programs. Collaborated with legal teams to draft data-processing agreements and breach-notification procedures.
SOC Service Delivery & IR
TIM
Jan 2010 - Apr 2016 (6 years 3 months)
Ran day-to-day operations of a national telecom SOC and coordinated cyber-defense for live-event infrastructure at EXPO 2015. Implemented ITIL-aligned service-delivery metrics, improved change-management success rate from 88% to 97%, and established centralized security controls across IDAM and endpoint protection with internal policy enforcement.
Education
Degrees, certifications, and relevant coursework
International Association of Privacy Professionals (IAPP)
Certified Information Privacy Professional (Europe) (CIPP/E), Privacy
2024 -
Earned the Certified Information Privacy Professional (Europe) (CIPP/E) certification in 2024.
ISACA
Certified Information Security Manager (CISM), Information Security Management
2024 -
Earned the Certified Information Security Manager (CISM) certification in 2024.
Polytechnic University of Turin
Master of Science (MSc) in Computer Engineering, Information Security
Earned an MSc in Computer Engineering with a focus on Information Security.
GIAC (SANS)
GIAC Certified Forensics Analyst (GCFA), Digital Forensics
2012 -
Earned the GIAC Certified Forensics Analyst (GCFA) certification in 2012.
Availability
Location
Authorized to work in
Job categories
Skills
Interested in hiring Fabio?
You can contact Fabio and 90k+ other talented remote workers on Himalayas.
Message FabioGet matched with your dream remote job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
