Fabrizio Di Carlo

Managing Director

Frankfurt, Germany

Experience

Nov 2024 - Present
1 year 5 months

Managing Director

ContrailRisks Germany

  • Founded and lead a cybersecurity advisory firm focused on virtual CISO services for financial, SaaS, and critical infrastructure clients.
  • Advise executive teams on cyber risk, regulatory compliance (DORA, NIS2, ISO 27001), and incident preparedness.
  • Built and executed security programs from scratch, driving measurable maturity improvements.
  • Delivered tailored risk assessments, policies, and cloud security guidance (AWS, Azure).
  • Scaled the business through client acquisition, partnerships (Vanta, AWS, etc.), and a network of senior consultants.

Sep 2023 - Present
2 years 7 months

Chief Information Security Officer

Cyber Monks GmbH

  • Served as the first CISO, establishing the security vision and enterprise-wide program for a cloud-native, product-led SaaS.
  • Elevated customer trust to accelerate revenue growth by enabling sales, marketing, and customer success teams.
  • Defined strategic security priorities and represented the company externally as a thought leader.
  • Drove modernization through DevSecOps adoption, embedding governance and security controls into CI/CD pipelines and Azure cloud infrastructure.

Jan 2023 - Nov 2024
1 year 11 months

Group Manager

Avanade

  • Oversaw a team of IAM and PAM consultants and specialists, ensuring high-quality delivery across multiple client engagements.
  • Led both advisory and hands-on delivery of IAM/PAM solutions, aligning security and business priorities with Microsoft and partner technologies.
  • Developed and scaled practice-wide IAM strategies, frameworks, and capability-building initiatives across regions.
  • Managed executive-level client relationships, advising CxOs on security, identity governance, and Zero Trust adoption.
  • Drove growth of Avanade’s IAM offerings through presales, RFPs, and thought leadership, contributing to pipeline expansion.
  • Aligned IAM initiatives with broader cybersecurity, compliance, and digital transformation programs to maximize client value.
  • Recognized twice with the “Inspire Greatness” award for delivering high-impact cloud security training (AZ-900) to cross-European teams.

Jan 2022 - Oct 2022
10 months

Head of Information Security

Scoutbee

  • Led a cross-functional team of security analysts and engineers, fostering collaboration across IT, DevOps, and business units.
  • Embedded security into CI/CD pipelines and cloud infrastructure by partnering closely with DevOps and Engineering leads.
  • Streamlined the application landscape through enterprise architecture, enhancing efficiency and user experience.
  • Drove the design and rollout of core security capabilities—from endpoint protection to application security—reducing organizational risk exposure.
  • Oversaw the strategic implementation of security initiatives across business systems, significantly improving the company’s security posture.
  • Acted as Head of Corporate IT (ad interim from May 2022 to July 2022).

Nov 2019 - Dec 2021
2 years 2 months

Information Security Architect

Deutsche Börse

  • Served as the principal security architect for global initiatives, advising on solution design across critical business systems and infrastructure.
  • Acted as the trusted security advisor to enterprise architects and delivery teams, embedding security from planning through deployment.
  • Enabled secure digital transformation by championing a cloud-first strategy (Azure, AWS, GCP) and modernizing platforms with containerization and Zero Trust principles.
  • Delivered tailored security assessments and design reviews aligned with system delivery models and regulatory expectations.
  • Elevated organizational security posture through strategic integration of security controls within enterprise architecture and development workflows.
  • Influenced cross-functional decision-making by translating complex security requirements into actionable, business-aligned recommendations.

Aug 2017 - Sep 2019
2 years 2 months

Security Architect

Zurich Insurance Company Ltd

  • Led the security architecture for global IT initiatives, focusing on integrating security into the early stages of solution planning and design.
  • Acted as the primary security advisor for enterprise projects, providing strategic input across system delivery models and architecture decisions.
  • Guided enterprise architects and business stakeholders on secure design patterns and processes, aligning with evolving cloud adoption goals.
  • Enhanced the security posture of core business systems by embedding security principles into infrastructure and application architectures.
  • Specialized in cloud and hybrid security, driving secure adoption of AWS and Azure platforms across the enterprise.

Sep 2015 - Nov 2017
2 years 3 months

Security Engineer

Zurich Insurance Company Ltd

  • Led the planning, deployment, and Tier 3 support of global IT security infrastructure projects, ensuring secure and resilient operations.
  • Collaborated with architects and project managers to develop implementation strategies, proofs of concept, and cost-effective delivery plans.
  • Provided expert consulting to regional business units on best practices, technical risks, and vendor solutions.
  • Delivered major improvements to endpoint stability through the deployment of EDR and the reduction of policy complexity by 75%.
  • Automated routine security operations, enhancing efficiency and standardization across international teams.
  • Transitioned into the Information Security Architect role in August 2017, recognizing strategic and technical leadership capabilities.

Apr 2013 - Aug 2015
2 years 5 months

Technical Engineer

Symantec

  • Provided advanced support and security consulting for global clients using Symantec Endpoint Protection (SEP).
  • Responded to security incidents, advised on remediation, and supported deployments in enterprise environments.
  • Authored internal training and threat prevention documentation, including Cryptolocker response procedures.
  • Developed technical integrations (e.g., SEP with VMware Horizon View) and contributed to incident response process improvements.

Mar 2012 - Dec 2012
10 months

Developer

LoVendoPerTe.it SRL

  • Designed and implemented the new e-commerce platform, migrating from a monolithic structure to a multi-site and multi-domain structure.
  • Developed the website project.
  • Developed ETL procedures with Pentaho Data Integration (Kettle) and Selenium (automation) for the e-commerce system.

Jan 2011 - Feb 2012
1 year 2 months

CTO & Co-Founder

Startuppi

  • Co-founded a startup in stealth mode to create a marketplace for founders, developers, investors, and other startup ecosystem participants.
  • Maintained a database of startups as part of the platform offering.
  • Contributed to implementation within a larger project context.

Industries Experience

See where this freelancer has spent most of their professional time. Longer bars indicate deeper hands-on experience, while shorter ones reflect targeted or project-based work.

Experienced in Information Technology (8 years), Insurance (4 years), Banking and Finance (3.5 years), Professional Services (2 years), Utilities (1.5 years), and Retail (1 year).

Business Areas Experience

The graph below provides a cumulative view of the freelancer's experience across multiple business areas, calculated from completed and active engagements. It highlights the areas where the freelancer has most frequently contributed to planning, execution, and delivery of business outcomes.

Experienced in Information Technology (14.5 years), Product Development (4.5 years), Strategy (3 years), Customer Service (2.5 years), Sales (2 years), and Operations (1 year).

Summary

Strategic and business-savvy Chief Information Security Officer with 10+ years’ experience securing cloud-native and SaaS environments. Proven leadership in AWS and Azure cloud security, DevSecOps, SecOps, and automation of IT and software development. Adept at threat modeling modern software, embedding security in CI/CD, and enforcing scalable security controls. Experienced in driving strategy, OKRs, RFPs, and vendor due diligence for SaaS, finance, and critical infrastructure clients.

Languages

Italian
Advanced
English
Elementary
French
Elementary

Education

Jan 2023 - Jan 2024

INSEAD

Fontainebleau, France

Jan 2016 - Jan 2018

University College Dublin

Master of Science · Digital Investigation & Forensic Computing & Cyber/Computer Forensics and Counterterrorism · Dublin, Ireland

Jan 2011 - Jan 2011

Warsaw University of Technology

Bachelor of Science · Computer Science · Warsaw, Poland

...and 1 more

Certifications & licenses

AWS Partner: Technical Accredited

Certified Cyber Resilience Officer

Certified ISO 31000:2018 Risk Manager

GIAC Public Cloud Security (GPCS)

GRC Professional Certification

ISO 42001:2023 Lead Implementer and Lead Auditor

ISO/IEC 27001:2022 Lead Auditor

McKinsey Forward Program

Secure Controls Framework (SCF) Architect

Frequently asked questions

Do you have questions? Here you can find further information.

Where is Fabrizio based?

Fabrizio is based in Frankfurt, Germany and prefers 100% remote projects.

What languages does Fabrizio speak?

Fabrizio speaks the following languages: Italian (Advanced), English (Elementary), French (Elementary).

How many years of experience does Fabrizio have?

Fabrizio has at least 14 years of experience. During this time, Fabrizio has worked in at least 10 different roles and for 9 different companies. The average length of individual experience is 1 year and 5 months. Note that Fabrizio may not have shared all experience and may actually have more experience.

What roles would Fabrizio be best suited for?

Based on recent experience, Fabrizio would be well-suited for roles such as: Managing Director, Chief Information Security Officer, Group Manager.

What is Fabrizio's latest experience?

Fabrizio's most recent position is Managing Director at ContrailRisks Germany.

What companies has Fabrizio worked for in recent years?

In recent years, Fabrizio has worked for ContrailRisks Germany, Cyber Monks GmbH, Avanade, Scoutbee, and Deutsche Börse.

Which industries is Fabrizio most experienced in?

Fabrizio is most experienced in industries like Information Technology (IT), Insurance, and Banking and Finance. Fabrizio also has some experience in Professional Services, Utility Services, and Retail.

Which business areas is Fabrizio most experienced in?

Fabrizio is most experienced in business areas like Information Technology (IT), Product Development, and Strategy and Planning. Fabrizio also has some experience in Customer Service, Sales, and Business Intelligence.

Which industries has Fabrizio worked in recently?

Fabrizio has recently worked in industries like Information Technology (IT), Banking and Finance, and Professional Services.

Which business areas has Fabrizio worked in recently?

Fabrizio has recently worked in business areas like Information Technology (IT), Strategy and Planning, and Product Development.

What is Fabrizio's education?

Fabrizio holds a Master in Digital Investigation & Forensic Computing & Cyber/Computer Forensics and Counterterrorism from University College Dublin, a Bachelor in Computer Science from Warsaw University of Technology and a Bachelor in Computer Engineering from Sapienza Università di Roma.

Does Fabrizio have any certificates?

Fabrizio has 9 certificates. These include: AWS Partner: Technical Accredited, Certified Cyber Resilience Officer, and Certified ISO 31000:2018 Risk Manager.

What is the availability of Fabrizio?

Fabrizio is immediately available part-time for suitable projects.

What is the rate of Fabrizio?

Fabrizio's rate depends on the specific project requirements. Please use the Meet button on the profile to schedule a meeting and discuss the details.

How to hire Fabrizio?

To hire Fabrizio, click the Meet button on the profile to request a meeting and discuss your project needs.

Average rates for similar positions

Rates are based on recent contracts and do not include FRATCH margin.

Market avg: 860-1020 €
The rates shown represent the typical market range for freelancers in this position based on recent contracts on our platform.
Actual rates may vary depending on seniority level, experience, skill specialization, project complexity, and engagement length.