Home - Juan Grateron

Juan Grateron — Cybersecurity Consultant (GRC • Standards • Pentesting)

I help teams reduce risk and move faster by combining security consulting, GRC, and hands-on testing. From ISO/IEC 27001 and ISO/IEC 42001 implementation to targeted pentesting, I deliver clear documentation, measurable outcomes, and practical remediation plans stakeholders can execute.

ISO Implementation: ISO/IEC 27001 & ISO/IEC 42001 scope, documentation, controls, and operational rollout

GRC Advisory: risk assessments, control design, evidence structure, metrics, and executive-ready reporting

Pentesting: scoped web & infrastructure testing with prioritized findings and remediation guidance

What I do

ISO/IEC 27001 & 42001 Implementation

Implement management systems that are lightweight, defensible, and ready for real audits—built around risk, ownership, and repeatable routines.

Scope definition, governance model, and risk approach
Policies, procedures, and records (audit-ready templates)
Implementation roadmap, enablement, and handover

GRC & Audit Readiness

Strengthen governance with clear risk decisions, measurable controls, and evidence that tells a consistent story—whether for customers, auditors, or leadership.

Risk assessments, treatment plans, and control mapping
Evidence structure, traceability, and reporting
Internal readiness reviews and corrective action plans

Pentesting & Security Validation

Focused testing to identify real exposure and validate defensive posture—paired with remediation guidance engineers can execute quickly.

Web and infrastructure pentesting (scoped engagements)
Vulnerability validation, prioritization, and proof-of-impact
Clear reports, fixes, and retesting support