Gabriele Gallotti
@gabrielegallotti
Information Security Risk Manager with expertise in cybersecurity governance.
What I'm looking for
I am an experienced Information Security Risk Manager currently based in Zurich, Switzerland. With a strong background in cybersecurity governance and risk management, I have successfully led audits and implemented critical security controls at SYGNUM BANK AG. My role as the primary audit coordinator has allowed me to act as the main point of contact for FINMA and ISAE 3000/3402 audits, where I have driven operational resilience improvements and ensured compliance with regulatory standards.
Throughout my career, I have developed a robust skill set in crypto security, managing over 35 controls for digital asset systems, and have authored key policies such as the Information Security Policy and IAM Guideline. My previous experience as a Cyber and Infrastructure Security Auditor at UNICREDIT S.P.A. has further honed my ability to execute cybersecurity audits aligned with NIST and ISO 27001 frameworks, enhancing organizational resilience through automated security assessments.
With a Master’s degree in Cyber Risk Strategy and Governance from Bocconi University and a Bachelor's in Computer Science and Engineering, I am passionate about leveraging my technical expertise and leadership skills to foster a secure digital environment. I am committed to continuous improvement and proactive risk management, ensuring that organizations can navigate the complexities of cybersecurity effectively.
Experience
Work history, roles, and key accomplishments
Information Security Risk Manager
Sygnum
Nov 2022 - Present (2 years 8 months)
Acted as the primary point of contact for FINMA and ISAE 3000/3402 audits, leading cybersecurity domains and supporting finance/regulatory tracks. Led end-to-end design and implementation of over 50 critical security controls, managing 35+ controls for digital asset systems.
Cyber Security Auditor
Unicredit
Oct 2021 - Oct 2022 (1 year)
Executed cybersecurity audits aligned to NIST and ISO 27001 frameworks, managing the audit lifecycle from initiation to remediation. Automated security assessments, significantly enhancing organizational resilience.
ICT Security Analyst and Research Intern
Cefriel
Jan 2021 - Jan 2022 (1 year)
Designed automated risk assessment models based on MITRE, CAPEC, and cyber-kill chain frameworks. Conducted research to enhance understanding and application of these models in real-world scenarios.
Education
Degrees, certifications, and relevant coursework
Bocconi University
M.Sc. in Cyber Risk Strategy and Governance
Grade: 110 WITH HONORS
Completed a Master of Science in Cyber Risk Strategy and Governance, focusing on the strategic and governance aspects of cybersecurity. Achieved a GPA of 110 with honors.
Polytechnic University of Milan
B.Sc. in Computer Science and Engineering
Obtained a Bachelor of Science in Computer Science and Engineering. This program provided a foundational understanding of computer science principles and engineering applications.
