Open to opportunities

Giovanny Farajallah

@giovannyfarajallah

Cybersecurity compliance leader and advisor driving SOC 2, ISO 27001, ISO 42001 GDPR, PCI, HIPAA programs to resilient, audit-defensible outcomes.

United States

Message

What I'm looking for

I’m looking for a cybersecurity compliance and advisory role where I can lead multi-framework security programs, guide teams, and drive continuous improvement—turning audit requirements into durable governance, risk reduction, and stronger security operations.

I’m a cybersecurity compliance professional who currently serves as a Senior Associate, leading complex, multi-framework compliance programs and overseeing delivery across SOC 2, ISO 27001, ISO 42001, PCI DSS, HIPAA, and GDPR. I set strategy and scope, provide executive-level advisory on security governance and control maturity roadmaps, and mentor junior advisors and client stakeholders to ensure technical accuracy and audit defensibility.

Previously, I managed end-to-end security compliance and audit readiness for startups, financial firms, and enterprise tech companies, including BC/DR, Incident Response, and Risk Assessments with risk registers and remediation tracking. I’ve also served as a vCISO and Security Analyst/Manager—coordinating penetration testing and vulnerability assessments, deploying EDR/MDM/SOAR/IAM and compliance automation, and running phishing simulations that reduced clicks by 80% over three months.

Experience

Work history, roles, and key accomplishments

Current

Senior Associate

Current

Eden Data a Riveron Company

Jun 2025 - Present (1 year)

Served as engagement lead for multi-framework compliance programs, defining scope and overseeing delivery across SOC 2, ISO 27001, ISO 42001, PCI DSS, HIPAA, and GDPR engagements. Provided executive advisory on security governance, risk appetite alignment, and control maturity roadmaps while mentoring junior advisors and reviewing audit evidence for defensibility.

ISO 27001 ISO 42001 PCI DSS HIPAA GDPR Security Governance Control Maturity Roadmaps Audit Evidence Review Risk Assessment

Security Analyst Manager

Com-Sec

Sep 2024 - Jun 2025 (9 months)

Acted as vCISO for multiple clients, leading security strategy and compliance initiatives to achieve SOC 2, ISO, GDPR, PCI, and HIPAA outcomes. Managed and mentored analysts, coordinated penetration testing and audits, and implemented security automation and phishing simulations that reduced click-throughs by 80% over 3 months.

vCISO GDPR PCI DSS HIPAA Penetration Testing EDR MDM SOAR Phishing Simulations Security Automation Vulnerability Assessment SOC2

Security Analyst

Com-Sec

Dec 2023 - Sep 2024 (9 months)

Managed end-to-end security projects with a focus on delivering audit readiness and meeting client expectations across multiple engagements. Supported SOC 2, ISO, and HIPAA compliance through vulnerability-focused work (penetration testing and code reviews), deployment of security tools, and phishing simulations to improve security awareness.

ISO 27001 HIPAA Penetration Testing Code Reviews Vulnerability Management Audit Readiness Security Tool Configuration Phishing Simulations Security Project Management SOC2 Code Review

Sales Development Representative

Nfront Security

Jan 2020 - Jun 2021 (1 year 5 months)

Drove sales efforts for nFront Password Filter by demonstrating granular password policy control and security features to secure high-value deals with Fortune 500 clients. Helped organizations across credit unions and enterprises address compliance needs including PCI, HIPAA, SOC, and NERC CIP through coordinated stakeholder engagement with IT teams and decision-makers.