GABRIELA PAREJA MENA

Cybersecurity Specialist · Governance, Risk & Compliance · Enterprise Architecture


“Building secure, human-centered strategies that turn risk into business value.”

About Gabriela

Cybersecurity and information governance specialist with broad experience leading strategic risk, compliance, and technology initiatives in the financial sector.

She has a proven record designing and implementing defense-in-depth and Zero Trust architectures, aligning cybersecurity and data protection to business objectives, and fostering a culture of ethical, human-centered leadership.

Passionate about integrating governance, innovation, and resilience, she believes security is not only a technical discipline, but a strategic enabler of trust, transparency, and business value.

Open to remote & hybrid international roles focused on Cybersecurity, GRC & AI Governance.

Strategy Integrity Humanity GRC Risk Management Data Protection Enterprise Architecture

Professional Experience

External Cybersecurity Consultant

Oct 2025 – Ongoing · Remote / International
  • Design and implementation of a Defense in Depth security architecture for an insurance enterprise, enabling risk-based visibility and control across environments.
  • Advisory on GRC, Zero Trust, audit readiness (ISO 27001/27701, SOC), privacy and resilience.
  • Outcome-oriented roadmaps aligned with business objectives; NDA-safe deliverables and measurable results.
GRCZero TrustDefense in DepthISO 27001/27701

Information Security Manager — Banco Solidario

Jun 2024 – Sep 2025 · Quito, EC
  • Directed the information and data security program aligned with ISO 27001:2022 and enterprise risk management.
  • Managed cybersecurity initiatives in line with NIST CSF 2.0 and enterprise architecture; led incident/vulnerability response and threat intelligence.
  • Delivered key projects: network segmentation and identity hardening (Aruba NAC, XDR, SASE/Prisma Access), cloud security and DLP, CyberSOC use-cases.
  • Owned security budget, controls lifecycle and audit/regulatory responses with executive dashboards.
ISO 27001:2022NIST CSF 2.0SASEDLPCyberSOC

Technology Compliance Manager — Banco Solidario

Dec 2019 – May 2024 · Quito, EC
  • Defined and executed the IT Governance & Technology Compliance strategy to align operations with cybersecurity and business resilience.
  • Integrated NIST CSF 2.0 with ISO 27001; coordinated risk management and audits across IT and security.
  • Led projects on SD-WAN, patch automation, and Azure disaster recovery site; established KPI/KRI dashboards for board reporting.
  • Ensured adherence to ITIL 4 and operational risk requirements.
GovernanceRisk & ComplianceSD-WANAzure DR

Senior IT Auditor — Banco Solidario

Apr 2015 – Nov 2019 · Quito, EC
  • Performed risk-based IT audits aligned with COBIT 2019 and ISO 27001; assessed security, change management and IT governance processes.
  • Provided assurance over cybersecurity controls, risk reporting and compliance maturity.

IT Auditor — Central Bank of Ecuador

Apr 2008 – Apr 2015 · Quito, EC
  • Audited the National Information Security System (EGSI / ISO 27001); evaluated internal controls, continuity and configuration management.
  • Supervised audits of the national electronic payment system (SNPS) and interbank platforms; conducted risk and compliance reviews.

Key Projects

Multi-Layer Security Architecture (Defense in Depth)

Oct 2025 – Ongoing

Designed and implemented a layered architecture mapping technical and organizational controls by risk level. Improved visibility, reduced exposure to threats, and strengthened stakeholder confidence for an insurance enterprise.

CyberSOC Consolidation

May 2025

Merged two monitoring centers into a unified CyberSOC, expanding coverage to 100+ critical assets. Enhanced correlation and reduced false positives, improving mean time to detect and respond.

Risk-Based Security Methodology

Dec 2024

Developed a methodology to classify and prioritize risks based on business impact, integrating ISO 27005 and NIST CSF principles and promoting a data-driven risk culture.

Secure SD-WAN & Microsegmentation (Spine & Leaf)

May 2024

Modernized network with Aruba SD-WAN and microsegmentation. Optimized latency and availability, reduced lateral movement risk, and increased operational resilience.

Secure Access Service Edge (SASE) Deployment

Nov 2024

Implemented SASE with Prisma Access and MDM to enforce adaptive zero-trust policies and secure connectivity for users and devices across cloud workloads.

Privileged Access Management (PAM)

Nov 2023

Deployed Delinea PAM to enforce least-privilege access, session monitoring and traceability, strengthening segregation of duties and alignment with ISO/NIST standards.

Open full project list (PDF)

Education & Professional Certifications

Diploma in Enterprise Architecture (TOGAF-aligned)

Universidad San Francisco de Quito · In progress · Completion expected Mar 2026

Focused on enterprise architecture design, governance models, and integration of business and technology strategies for digital transformation.

MBA – Business Administration

Universidad Internacional del Ecuador

Developed a solid understanding of business strategy, finance, and operations to align technology and cybersecurity programs with corporate objectives.

Bachelor’s Degree in Systems Engineering

Escuela Politécnica del Ejército (ESPE)

Specialized in software lifecycle management, IT infrastructure, and IT auditing. Gained strong foundations in programming, network design, and IT governance.

Professional Certifications

Chronological order (most recent below)
  • Certified in Cybersecurity (CC) – (ISC)² · 2025 View Badge
  • WomenCISO – Cybersecurity & AI School for Women (ITAM / EpicLab) · 2025 Verification Code: GPAREJA
  • ISO/IEC 38500 – IT Corporate Governance Lead Professional · 2020 View Badge
  • Certified in Risk and Information Systems Control (CRISC) – ISACA · 2018 View Badge
  • COSO Internal Control Framework Certification · 2018 View Badge
  • Certified Information Systems Auditor (CISA) – ISACA · 2008 View Badge
  • CISSP – Certified Information Systems Security Professional (ISC)² · In Progress

Leadership & Recognition

Women Leaders 2022 — First Place Award

Women Leaders Workshop · IT Now / EpicLab / BID

Awarded first place at the Women Leaders Workshop for the design and presentation of an innovation project promoting inclusion. Recognized for strategic vision, leadership, and social impact.

View Program Certificate

Leader IT 2024 — IT Ahora Magazine

Ecuador · Nominated as one of the Top IT Leaders 2024

Nominated among Ecuador’s leading IT executives for contributions to cybersecurity governance, risk management, and digital transformation in the financial sector.

View Nomination

Editorial Collaboration — “CIO & CISO: A Strategic Alliance for Digital Security”

IT Ahora Magazine · September 2025

Contributed as author to the IT Ahora article “CIO & CISO: A Strategic Alliance for Digital Security”, emphasizing the importance of collaboration between technology and security leadership in building resilient organizations.

Read Article

Training & Specialized Courses

CISSP – Certified Information Systems Security Professional (prep)

2025

Advanced preparation covering security architecture, operations, and governance aligned with (ISC)² CISSP domains.

CISM – Certified Information Security Manager (prep)

2024

Manager-level program focused on security governance, risk management, and incident response, aligned with ISACA’s CISM framework.

ISO 27001 - 2022

2022

ISMS implementation aligned with ISO 27001:2022.

Download full training portfolio (PDF)

Let's Connect

I believe that security is not just about technology — it’s about people, trust, and strategy. Let’s collaborate to build secure, human-centered digital ecosystems.

Email Me Connect on LinkedIn

© 2025 Gabriela Pareja · All rights reserved.