Open to opportunities

Jonathan Rivas Gil

@jonathanrivasgil

I lead vulnerability and exposure management operations, aligning security strategy, compliance, and risk reduction with business goals.

Spain

What I'm looking for

I’m looking to lead vulnerability & exposure management and security operations, partnering with IT/DevOps to reduce real-world risk. I want a role that values ISO27001-aligned governance, strong executive reporting, and cross-functional execution.

I’m a cybersecurity leader with over 10 years of experience in IT security engineering and operations. I currently lead Vulnerability & Exposure Management Operations at Schwarz Digits Spain, driving strategy and policy development while coordinating cross-functional execution.

My focus is end-to-end exposure management: I identify, assess, monitor, and report vulnerabilities across systems and applications. I generate executive reporting on vulnerability status, trends, KPIs, and improvements in security posture, and I prioritize remediation through risk analysis tied to business impact and threat intelligence.

I combine deep technical expertise with leadership skills across SIEM/SOC operations, EDR, PAM, and cloud security (Azure). I’ve implemented and operated security measures using tools such as Tenable Nessus, OWASP/Burp Suite, CyberArk, and Microsoft 365 Security suite, partnering closely with IT, development, compliance, and DevOps teams to drive remediation and risk mitigation.

I’m also committed to compliance and governance, ensuring alignment with ISO27001 through security policies, ISMS practices, and stakeholder management. I earned my ISO27001 ISMS Lead Implementer certification (BSI Group, 2024) and bring a practical, outcomes-driven approach to reducing risk and sustaining secure operations.

Experience

Work history, roles, and key accomplishments

Current

Head of Vulnerability & Exposure

Schwarz Digits Spain

Jan 2023 - Present (3 years 4 months)

Leads vulnerability and exposure management operations, overseeing the end-to-end lifecycle for identifying, assessing, monitoring, and reporting vulnerabilities. Develops vulnerability management strategies and policies aligned to ISO27001 and partners with IT, development, compliance, and DevOps teams to drive remediation and risk mitigation.

IT Security Engineer

Penguin Random House GE (Oxigent Technologies)

Oct 2021 - Dec 2022 (1 year 2 months)

Managed SIEM alerts from SOC and administered corporate EDR capabilities, while planning and implementing CyberArk PAM. Supported cloud security on Azure and performed vulnerability assessments using Tenable (Nessus), operating daily security controls with Microsoft 365 Security tools and email/network security platforms.

Systems & Security Administrator

Irish Pharmacy Union (Coolamber Solutions)

Feb 2019 - Oct 2021 (2 years 8 months)

Optimized security and system performance through proactive changes and continuous monitoring, supporting multiple server environments including staging and production. Standardized security tasks, trained junior team members, and audited security documentation to identify gaps and drive corrective actions, supporting incident response and compliance efforts.

Senior Process Executive

Google (Cognizant)

Jun 2018 - Feb 2019 (8 months)

Enforced security policies and compliance standards for online content review by analyzing user reports to identify policy violations, emerging threats, and trends. Contributed to content security guidelines and escalation procedures, recognizing out-of-policy patterns and escalating high-risk issues to internal security teams.

IT Technician

Grupo EPOS IT Lab

Oct 2013 - Oct 2016 (3 years)

Implemented server maintenance and monitoring to keep networks operational during peak periods. Investigated, documented, and escalated unresolved issues, and reviewed technical documents to resolve deficiencies and improve service quality.

Education

Degrees, certifications, and relevant coursework

Universitat Oberta de Catalunya (UOC)

Master in Network & Systems Security, Network & Systems Security (Information Security)

Completed a Master in Network & Systems Security (Information Security) at Universitat Oberta de Catalunya in Barcelona.

IES Carles Vallbona

Advanced Degree in Systems Administration & Networks, Systems Administration & Networks (Information Technology)

Completed an Advanced Degree in Systems Administration & Networks (Information Technology) at IES Carles Vallbona in Barcelona.

BSI Group

ISO/IEC 27001 ISMS Lead Implementer Certification, Information Security (ISMS)

2024 -

Earned the ISO/IEC 27001 ISMS Lead Implementer certification from BSI Group in Barcelona.
