Maria del Carmen Molina Martinez
@mariadelcarmenmolina
Cybersecurity GRC and risk management senior focused on ISO27001, NIST CSF, and third-party risk mitigation.
What I'm looking for
I’m a Cybersecurity Governance, Risk & Compliance professional who helps organizations translate security requirements into practical risk management and measurable improvements. I’ve worked across global environments, aligning governance and controls to business needs while keeping compliance effective and operational.
In senior GRC roles, I perform compliance assessments and risk identification using frameworks like NIST CSF and ISO27001, then define recommendations and corrective measures to reduce technological risks. I also support GRC tooling and automation (OneTrust), evaluate and document business continuity plans (PCN), disaster recovery plans (DRP), and Business Impact Analysis (BIA), and work closely with Data Protection on privacy impact assessments. I’ve delivered security awareness training across countries and strengthened third-party risk management (TPRM) through policy and process improvements.
Earlier, I helped implement and improve information security management systems in RSA Archer, leading IT risk management, control evaluation, and business continuity work. Before moving fully into security GRC, I built my audit foundation as an IT Audit Senior at PwC, reviewing IT General Controls and IT security controls across major technologies and supporting SOX-aligned internal control evaluations.
Experience
Work history, roles, and key accomplishments
Performed compliance assessments and risk identification based on NIST CSF and ISO 27001, defining recommendations and corrective measures to mitigate identified risks. Supported GRC tool implementation (OneTrust), business continuity documentation, regulatory/auditor compliance, privacy impact assessments, and employee security awareness training.
Cyber Security GRC Senior
Santander Global Corporate & Investing Banking
Oct 2022 - Sep 2023 (11 months)
Defined annual strategy and objectives for the governance, risk and compliance function and aligned global processes across group entities. Managed information security policy evaluations, technological risk assessment and monitoring, audit recommendation follow-up, KRIs reporting, third-party risk management, BCP/DRP governance, and senior management reporting.
Cyber Security GRC Senior
Optimissa-Santander Global Corporate & Investing Banking
Aug 2021 - Oct 2022 (1 year 2 months)
Provided governance, risk and compliance support, including information security policy evaluation and technological risk assessment and monitoring. Supported third-party risk management activities (including cybersecurity clause review), BCP/DRP governance, audit recommendation follow-up, and reporting on KRIs and objectives to senior management.
Cyber Security GRC Consultant
Experis IT - BCC Cajamar
Jan 2019 - Aug 2021 (2 years 7 months)
Implemented an Information Security Management System (ISMS) in RSA Archer, managing IT risks and evaluating IT controls and business continuity plans. Evaluated security control compliance against NIST SP800-54, ISO2700, ISO27005, ISO31000, PCI-DSS, and SWIFT, and reported results including to Board management and the European Central Bank.
Led multidisciplinary IT audit teams and performed IT General Controls reviews across areas such as governance, physical/logical security, IT operations, business continuity, change management, and software development. Evaluated IT security controls (e.g., SAP, Oracle, Windows, Linux/Unix, AS400, SQL Server) for SOX compliance and prepared audit reports, including a SSAE16 engagement for Produban
Financial Director Assistant
HM CLAUSE IBÉRICA
Jun 2015 - Aug 2015 (2 months)
Managed monthly budgetary control activities by identifying, commenting on, and resolving variances with budget managers. Produced reporting to the central entity and created a standard guide to reduce costs and improve budget management efficiency through employee training.
Education
Degrees, certifications, and relevant coursework
ISACA
Certified in Information Security Management (CISM), Information Security Management
2022 - 2022
Obtained the CISM certification in Information Security Management from ISACA.
University of Almería
Graduate in Business Administration (English), Business Administration
2011 - 2015
Completed a graduate program in Business Administration (English) at the University of Almería.
Otto-Friedrich Universität Bamberg
Betriebwirtschaftlehre (BWL)
2013 - 2014
Studied Betriebwirtschaftlehre (BWL) at Otto-Friedrich Universität Bamberg.
Availability
Location
Authorized to work in
Job categories
Skills
Interested in hiring Maria del Carmen?
You can contact Maria del Carmen and 90k+ other talented remote workers on Himalayas.
Message Maria del CarmenGet matched with your dream remote job
Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!
