Skip to main content
Maria del Carmen Molina MartinezMM
Open to opportunities

Maria del Carmen Molina Martinez

@mariadelcarmenmolina

Cybersecurity GRC and risk management senior focused on ISO27001, NIST CSF, and third-party risk mitigation.

Spain
Message

What I'm looking for

I’m looking for a cybersecurity role where I can lead GRC and risk programs using NIST CSF and ISO27001, strengthen TPRM, and drive measurable improvements in continuity, privacy collaboration, and audit readiness across global teams.

I’m a Cybersecurity Governance, Risk & Compliance professional who helps organizations translate security requirements into practical risk management and measurable improvements. I’ve worked across global environments, aligning governance and controls to business needs while keeping compliance effective and operational.

In senior GRC roles, I perform compliance assessments and risk identification using frameworks like NIST CSF and ISO27001, then define recommendations and corrective measures to reduce technological risks. I also support GRC tooling and automation (OneTrust), evaluate and document business continuity plans (PCN), disaster recovery plans (DRP), and Business Impact Analysis (BIA), and work closely with Data Protection on privacy impact assessments. I’ve delivered security awareness training across countries and strengthened third-party risk management (TPRM) through policy and process improvements.

Earlier, I helped implement and improve information security management systems in RSA Archer, leading IT risk management, control evaluation, and business continuity work. Before moving fully into security GRC, I built my audit foundation as an IT Audit Senior at PwC, reviewing IT General Controls and IT security controls across major technologies and supporting SOX-aligned internal control evaluations.

Experience

Work history, roles, and key accomplishments

Job & Talent logoJT

Cyber Security GRC Senior

Oct 2023 - Sep 2024 (11 months)

Performed compliance assessments and risk identification based on NIST CSF and ISO 27001, defining recommendations and corrective measures to mitigate identified risks. Supported GRC tool implementation (OneTrust), business continuity documentation, regulatory/auditor compliance, privacy impact assessments, and employee security awareness training.

SB

Cyber Security GRC Senior

Santander Global Corporate & Investing Banking

Oct 2022 - Sep 2023 (11 months)

Defined annual strategy and objectives for the governance, risk and compliance function and aligned global processes across group entities. Managed information security policy evaluations, technological risk assessment and monitoring, audit recommendation follow-up, KRIs reporting, third-party risk management, BCP/DRP governance, and senior management reporting.

OB

Cyber Security GRC Senior

Optimissa-Santander Global Corporate & Investing Banking

Aug 2021 - Oct 2022 (1 year 2 months)

Provided governance, risk and compliance support, including information security policy evaluation and technological risk assessment and monitoring. Supported third-party risk management activities (including cybersecurity clause review), BCP/DRP governance, audit recommendation follow-up, and reporting on KRIs and objectives to senior management.

Experis IT - BCC Cajamar logoEC

Cyber Security GRC Consultant

Experis IT - BCC Cajamar

Jan 2019 - Aug 2021 (2 years 7 months)

Implemented an Information Security Management System (ISMS) in RSA Archer, managing IT risks and evaluating IT controls and business continuity plans. Evaluated security control compliance against NIST SP800-54, ISO2700, ISO27005, ISO31000, PCI-DSS, and SWIFT, and reported results including to Board management and the European Central Bank.

PricewaterhouseCoopers (PwC) logoPP

IT Audit Senior

Dec 2015 - Dec 2018 (3 years)

Led multidisciplinary IT audit teams and performed IT General Controls reviews across areas such as governance, physical/logical security, IT operations, business continuity, change management, and software development. Evaluated IT security controls (e.g., SAP, Oracle, Windows, Linux/Unix, AS400, SQL Server) for SOX compliance and prepared audit reports, including a SSAE16 engagement for Produban

HI

Financial Director Assistant

HM CLAUSE IBÉRICA

Jun 2015 - Aug 2015 (2 months)

Managed monthly budgetary control activities by identifying, commenting on, and resolving variances with budget managers. Produced reporting to the central entity and created a standard guide to reduce costs and improve budget management efficiency through employee training.

Education

Degrees, certifications, and relevant coursework

ISACA logoIS

ISACA

Certified in Information Security Management (CISM), Information Security Management

2022 - 2022

Obtained the CISM certification in Information Security Management from ISACA.

University of Almería logoUA

University of Almería

Graduate in Business Administration (English), Business Administration

2011 - 2015

Completed a graduate program in Business Administration (English) at the University of Almería.

Otto-Friedrich Universität Bamberg logoOB

Otto-Friedrich Universität Bamberg

Betriebwirtschaftlehre (BWL)

2013 - 2014

Studied Betriebwirtschaftlehre (BWL) at Otto-Friedrich Universität Bamberg.

Tech stack

Software and tools used professionally

Get matched with your dream remote job

Sign up now and join over 250,000+ remote workers who receive personalized job alerts, curated job matches, and more for free!

Sign up
Himalayas profile for an example user named Frankie Sullivan