Skip to main content
Fabio GenoveseFG
Open to opportunities

Fabio Genovese

@fabiogenovese

Fractional CISO delivering ISO 27001, SOC 2, GDPR, and resilient incident response for regulated orgs.

Italy
Message

What I'm looking for

I’m looking to lead vCISO-style security programs for regulated EU businesses—owning ISO 27001/SOC 2 readiness, strengthening incident response and third-party risk, and partnering with executives to build measurable, practical security operations.

I’m a security leader and fractional CISO with 14+ years across fintech SaaS, Industrial IoT, telecom SOC, and regulated EU environments. I bring hands-on ownership of ISO 27001, SOC 2, GDPR, and NIS2/CRA readiness, with a strong focus on incident response, third-party risk, and clear executive reporting.

I’ve led ISO 27001 implementations for SaaS and Industrial IoT environments, translating requirements into pragmatic controls that teams can actually run. I also guided a fintech SaaS company through SOC 2 Type II with no major findings, strengthening governance without slowing delivery.

For payment and document-exchange SaaS used by 30+ EU financial institutions, I directed end-to-end security—from building incident-response playbooks and 24×7 on-call rotations to improving MTTD/MTTR by 55%. I further accelerated vendor risk cycles by introducing a vendor-risk methodology and SLA language, reducing assessments from four weeks to ten days.

In my current advisory role, I help European SMEs, SaaS companies, fintechs, ISPs, and regulated technology businesses build security operating models, risk registers, evidence frameworks, KPIs, and security roadmaps—even when internal capacity is limited. I also oversee technical initiatives like SIEM/SOC design, vulnerability management, endpoint and cloud security baselines, and incident response workflows.

Experience

Work history, roles, and key accomplishments

BS
Current

Fractional CISO

Blue Networks S.R.L.

Apr 2026 - Present (3 months)

Lead fractional CISO and security advisory engagements for European SMEs, SaaS companies, fintechs, ISPs, and regulated technology businesses. Advise executives on ISO 27001, SOC 2 readiness, NIS2/DORA/GDPR/CRA, third-party risk, incident response, and security operating model design.

VG

Group Information Security Manager

Vercore Group - Proemion GmbH

Jan 2025 - Apr 2026 (1 year 3 months)

Led ISO/IEC 27001:2022 implementation through audit readiness, including Stage 1 and Stage 2 preparation. Reported quarterly to the CEO on risk posture, audit readiness, security KPIs, corrective actions, and material third-party risks, translating ISO requirements into practical controls for connected devices, firmware, AWS-based infrastructure, and SaaS services.

DG

Head of InfoSec & DPO

Digital Vault Services GmbH

Apr 2021 - Dec 2024 (3 years 8 months)

Directed a fully remote security program for a payment and document-exchange SaaS used by 30+ EU financial institutions. Achieved ISO 27001 certification and guided the company through its first SOC 2 Type II audit with no major findings, including improving MTTD/MTTR by 55% via incident response playbooks and 24x7 on-call.

SL

Security Operations Manager

Silensec Ltd

Jul 2019 - Apr 2021 (1 year 9 months)

Managed SOC services for MSP clients across healthcare, logistics, and fintech with varying compliance requirements (ISO 27001, HIPAA, PCI DSS). Led root-cause investigations for ransomware and insider-threat incidents and delivered virtual-CISO retainers including risk registers, policy frameworks, tabletop exercises, and executive briefings.

FR

GDPR Data Protection Officer

Freelance

Jan 2017 - Jun 2019 (2 years 5 months)

Advised 20+ SMEs on GDPR readiness, DPIAs, and cross-border data flow controls, including security awareness programs. Collaborated with legal teams to draft data-processing agreements and breach-notification procedures.

TI

SOC Service Delivery & IR

TIM

Jan 2010 - Apr 2016 (6 years 3 months)

Ran day-to-day operations of a national telecom SOC and coordinated cyber-defense for live-event infrastructure at EXPO 2015. Implemented ITIL-aligned service-delivery metrics, improved change-management success rate from 88% to 97%, and established centralized security controls across IDAM and endpoint protection with internal policy enforcement.

Education

Degrees, certifications, and relevant coursework

International Association of Privacy Professionals (IAPP) logoII

International Association of Privacy Professionals (IAPP)

Certified Information Privacy Professional (Europe) (CIPP/E), Privacy

2024 -

Earned the Certified Information Privacy Professional (Europe) (CIPP/E) certification in 2024.

ISACA logoIS

ISACA

Certified Information Security Manager (CISM), Information Security Management

2024 -

Earned the Certified Information Security Manager (CISM) certification in 2024.

Polytechnic University of Turin logoPT

Polytechnic University of Turin

Master of Science (MSc) in Computer Engineering, Information Security

Earned an MSc in Computer Engineering with a focus on Information Security.

GIAC (SANS) logoGS

GIAC (SANS)

GIAC Certified Forensics Analyst (GCFA), Digital Forensics

2012 -

Earned the GIAC Certified Forensics Analyst (GCFA) certification in 2012.

Tech stack

Software and tools used professionally

Get matched with your dream remote job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan