About Gabriela
Cybersecurity and information governance consultant with broad experience leading strategic risk, compliance, and technology initiatives in the financial sector.
She has a proven record designing and implementing defense-in-depth and Zero Trust architectures, aligning cybersecurity and data protection to business objectives, and fostering a culture of ethical, human-centered leadership.
Passionate about integrating governance, innovation, and resilience, she believes security is not only a technical discipline, but a strategic enabler of trust, transparency, and business value.
Open to remote & hybrid international roles focused on Cybersecurity, IT Risk, IT Governance and IT Compliance.
Professional Experience
External Cybersecurity Consultant
- Design and implementation of a Defense in Depth security architecture for an insurance enterprise, enabling risk-based visibility and control across environments.
- Advisory on GRC, Zero Trust, audit readiness (ISO 27001/27701, SOC), privacy and resilience.
- Outcome-oriented roadmaps aligned with business objectives; NDA-safe deliverables and measurable results.
Information Security Manager — Banco Solidario
- Directed the information and data security program aligned with ISO 27001:2022 and enterprise risk management.
- Managed cybersecurity initiatives in line with NIST CSF 2.0 and enterprise architecture; led incident/vulnerability response and threat intelligence.
- Delivered key projects: network segmentation and identity hardening (Aruba NAC, XDR, SASE/Prisma Access), cloud security and DLP, CyberSOC use-cases.
- Owned security budget, controls lifecycle and audit/regulatory responses with executive dashboards.
Technology Compliance Manager — Banco Solidario
- Defined and executed the IT Governance & Technology Compliance strategy to align operations with cybersecurity and business resilience.
- Integrated NIST CSF 2.0 with ISO 27001; coordinated risk management and audits across IT and security.
- Led projects on SD-WAN, patch automation, and Azure disaster recovery site; established KPI/KRI dashboards for board reporting.
- Ensured adherence to ITIL 4 and operational risk requirements.
Senior IT Auditor — Banco Solidario
- Performed risk-based IT audits aligned with COBIT 2019 and ISO 27001; assessed security, change management and IT governance processes.
- Provided assurance over cybersecurity controls, risk reporting and compliance maturity.
IT Auditor — Central Bank of Ecuador
- Audited the National Information Security System (EGSI / ISO 27001); evaluated internal controls, continuity and configuration management.
- Supervised audits of the national electronic payment system (SNPS) and interbank platforms; conducted risk and compliance reviews.
Key Projects
Multi-Layer Security Architecture (Defense in Depth)
Designed and implemented a layered architecture mapping technical and organizational controls by risk level. Improved visibility, reduced exposure to threats, and strengthened stakeholder confidence for an insurance enterprise.
CyberSOC Consolidation
Merged two monitoring centers into a unified CyberSOC, expanding coverage to 100+ critical assets. Enhanced correlation and reduced false positives, improving mean time to detect and respond.
Risk-Based Security Methodology
Developed a methodology to classify and prioritize risks based on business impact, integrating ISO 27005 and NIST CSF principles and promoting a data-driven risk culture.
Secure SD-WAN & Microsegmentation (Spine & Leaf)
Modernized network with Aruba SD-WAN and microsegmentation. Optimized latency and availability, reduced lateral movement risk, and increased operational resilience.
Secure Access Service Edge (SASE) Deployment
Implemented SASE with Prisma Access and MDM to enforce adaptive zero-trust policies and secure connectivity for users and devices across cloud workloads.
Privileged Access Management (PAM)
Deployed Delinea PAM to enforce least-privilege access, session monitoring and traceability, strengthening segregation of duties and alignment with ISO/NIST standards.
Education & Professional Certifications
MBA – Business Administration
Developed a solid understanding of business strategy, finance, and operations to align technology and cybersecurity programs with corporate objectives.
Bachelor’s Degree in Systems Engineering
Specialized in software lifecycle management, IT infrastructure, and IT auditing. Gained strong foundations in programming, network design, and IT governance.
Professional Certifications
- Certified in Cybersecurity (CC) – (ISC)² · 2025
- WomenCISO – Cybersecurity & AI School for Women · 2025
- ISO/IEC 38500 – IT Corporate Governance Lead Professional · 2020
- CRISC – Certified in Risk and Information Systems Control · 2018
- COSO Internal Control Framework Certification · 2018
- CISA – Certified Information Systems Auditor · 2008
- CISSP – (ISC)² · In Progress
Leadership & Recognition
Women Leaders 2022 — First Place Award
Awarded first place for the design and presentation of an innovation project promoting inclusion. Recognized for strategic vision, leadership, and social impact.
Leader IT 2024 — IT Ahora Magazine
Nominated among Ecuador’s leading IT executives for contributions to cybersecurity governance, risk management, and digital transformation in the financial sector.
Editorial Collaboration — “CIO & CISO: A Strategic Alliance for Digital Security”
Contributed as author to the IT Ahora article emphasizing the importance of collaboration between technology and security leadership in building resilient organizations.
Training & Specialized Courses
CISSP – Certified Information Systems Security Professional (prep)
Advanced preparation covering security architecture, operations, and governance aligned with (ISC)² CISSP domains.
CISM – Certified Information Security Manager (prep)
Manager-level program focused on security governance, risk management, and incident response, aligned with ISACA’s CISM framework.
ISO 27001 - 2022
ISMS implementation aligned with ISO 27001:2022.
Let's Connect
I believe that security is not just about technology — it’s about people, trust, and strategy. Let’s collaborate to build secure, human-centered digital ecosystems.