About
A concise snapshot of my profile and how I work across governance, assurance, and technical security.
I’m Juan Grateron, a Cybersecurity & Compliance professional and Computer Science Engineer based in Colombia. I focus on GRC and management systems—supporting ISO/IEC 27001 and ISO/IEC 42001 audits through risk-based evidence testing, control effectiveness reviews, and audit-ready documentation that helps teams remediate issues with clarity and speed.
At the same time, I keep sharpening my technical edge through hands-on penetration testing and offensive security as a passion project, aiming to build a profile that bridges governance with real-world security validation.
With 3+ years in cybersecurity, I’m driven by continuous learning and the challenge of turning complex requirements into practical, measurable outcomes.
Outside of work, you’ll usually find me reading manga, spending time with my cats, or enjoying a calm scenic view...
Professional Experience
IT Auditor (ISO 27001)
Perform certification audit engagements based on ISO 27001, as well as readiness assessments.
- Conduct third-party certification audits against ISO/IEC 27001 and ISO/IEC 42001.
- Evaluate policies, risk treatment plans, and technical controls to assess effectiveness and conformity.
- Perform risk-based sampling and evidence testing during audit fieldwork.
- Document nonconformities and opportunities in formal audit reports.
- Follow up on corrective actions to verify remediation and sustained compliance.
IT Auditor
Supported IT audit and internal control assessments related to IT governance and risk management.
- Analyzed configurations and documentation to identify control deficiencies and risks.
- Collaborated with technical teams and management to define remediation priorities.
- Delivered audit outputs to technical and non-technical stakeholders.
IT Consultant
Provided infrastructure and system support across Linux servers, databases, and user environments.
- Documented procedures and improved operational workflows to enhance IT stability.
Core Skills
A concise overview of my strongest domains—focused on audit-ready outcomes and practical governance.
Governance & Assurance
IT Control Assessment • Risk Identification • Issue & Remediation Tracking • IT Governance • Audit Reporting • Cross-functional Communication
Standards & Frameworks
ISO/IEC 27001 • ISO/IEC 42001
Languages
Comfortable working in bilingual environments (documentation, audits, and stakeholder communication).
Spanish — Native
English — C1 (Professional working proficiency)