Open to opportunities

Jonathan Costa

@jonathancosta

I’m a Chief Security Officer specializing in ISO 27001/27701 governance and resilience.

Gibraltar

What I'm looking for

I’m looking for a mission-critical security leadership role where I can own ISO-aligned GRC, secure-by-design architecture, and operational resilience, partner with boards on risk reporting, and build measurable security outcomes across regulated environments.

I’m a Chief Security Officer and award-winning information security leader with two decades of experience securing and scaling technology operations across regulated industries. I’m known for owning information security strategy, enterprise risk management, operational resilience, and incident response end to end.

My focus is governance and secure delivery: I’m a UKGC PML holder and a specialist in ISO 27001, ISO 27701, ISO 22301, and ISO 31000 aligned frameworks. I lead “secure-by-design architecture” and drive ISO-aligned governance that strengthens secure data handling, audit readiness, supplier assurance, and long-term resilience.

I’ve built and scaled security functions across multi-jurisdiction environments, operating across Gibraltar, the UK, Malta, Spain, and Jersey. I’ve reported risk and compliance posture directly to the board, and I’ve delivered GDPR and privacy operating capabilities including DPIAs, DSARs, and DPO support.

Technically, I’ve architected and operated the Microsoft 365 E5 security stack (including Entra ID, Conditional Access, Intune, Defender for Endpoint, DLP, sensitivity labels, and Autopilot), and I’ve run parallel Google Workspace environments. I also establish practical security operations—penetration testing coordination, vulnerability management, tabletop exercises, ransomware runbooks, phishing simulation, and security awareness training—while supporting business-critical uptime and data protection.

Experience

Work history, roles, and key accomplishments

Current

Chief Security Officer (CSO)

RockBlock Limited

May 2026 - Present (1 month)

Led the security, governance, and compliance function for a Gibraltar-registered cyber and compliance firm serving regulated operators. Own information security strategy, enterprise risk management, operational resilience, incident response, and secure-by-design architecture aligned to ISO 27001, 27001, 22301, and 31000, including GDPR and supplier assurance.


Head of IT

Richmond Atlantic Ltd

Nov 2024 - May 2026 (1 year 6 months)

Built and led in-house IT, security, and compliance from scratch across Gibraltar and UK operations, including a distributed remote workforce. Achieved ISO/IEC 27001:2022 certification in one month from zero with zero non-conformities, authored 77+ policies across all 93 Annex A controls, and reported risk and compliance posture directly to the board.


IT Enterprise Engineer

Gibtelecom

Feb 2024 - Oct 2024 (8 months)

Supported a national telecommunications provider’s critical infrastructure in a regulated environment across infrastructure, network, and endpoint layers. Owned service continuity and structured incident response while maintaining uptime and compliance standards for residential and enterprise services.


IT System Administrator

Eyas Gaming

May 2022 - Feb 2024 (1 year 9 months)

Owned IT operations across four jurisdictions for a regulated online gaming operator, covering hybrid infrastructure, multi-region connectivity, and access control. Improved operational reliability through automation and documented governance while delivering secure cross-border connectivity aligned to licensing obligations.


IT Infrastructure & Support Lead

STM Group plc

Aug 2016 - May 2022 (5 years 9 months)

Led IT infrastructure and support across five international offices for a publicly listed financial services group. Improved measurable uptime and reduced recurring support issues through process and tooling discipline while operating within regulated cross-border data and service compliance requirements.


Marketing & Growth Manager

GibFibreSpeed Ltd

Aug 2014 - Jul 2016 (1 year 11 months)

Led marketing and growth strategy for Gibraltar’s first fibre broadband provider during its launch phase. Owned brand positioning, subscriber acquisition, and product launch coordination to support early-stage growth.


Infantry Soldier

British Army

Sep 1998 - Aug 2008 (9 years 11 months)

Served as an infantry soldier for ten years in the British Armed Forces, including an operational tour in Northern Ireland. Maintained operational readiness and executed structured planning and decision-making under pressure, earning the Operational Service Medal.

Education

Degrees, certifications, and relevant coursework


UK Gambling Commission

UKGC Personal Management Licence (PML), Gambling regulation

Holds a UKGC Personal Management Licence (PML), supporting compliance in regulated gambling environments.

Tech stack

Software and tools used professionally
