Spain’s insurance sector is being reshaped by digital distribution, embedded insurance partnerships, and rising expectations for always-on service. At the same time, insurers are navigating regulatory pressure, complex third-party ecosystems, and an expanding attack surface across customer portals, claims platforms, and back-office operations. The cybersecurity leaders below stand out for turning security, resilience, and governance into practical operating models that protect policyholders and keep core services running.
Esther Rus — Global Chief Information Security Officer, AXA Partners
Esther Rus brings more than 20 years of leadership in information security, business resilience, and data protection, aligning security strategy with business objectives in complex, highly regulated environments. Her work spans enterprise risk management, incident and crisis response, security operations, and privacy programs, with international experience leading security across Iberia and coordinating deployments in Latin America. She is also active in advisory groups focused on aligning global initiatives in information security, resilience, and data protection.
Enrique Rubio-Manzanares Alvarez — Chief Information Security Officer, SegurCaixa Adeslas
Enrique Rubio-Manzanares Alvarez leads cybersecurity at SegurCaixa Adeslas, with prior CISO roles in banking and digital financial services. His background combines security leadership with hands-on experience in network and security engineering, spanning firewall and perimeter security, load balancing, and complex infrastructure operations. This blend of governance and technical execution supports security programs designed for regulated environments with high availability requirements.
Jordi Cardona Alvarez — Chief Information Security Officer, VidaCaixa
Jordi Cardona Alvarez serves as CISO at VidaCaixa, with experience spanning security, GDPR, and infrastructure program delivery. His work has included project governance models, stakeholder reporting, and risk management across large initiatives, as well as identity and access management programs that cover governance, lifecycle processes, and implementation support. This program discipline translates well to insurers balancing regulatory compliance with modernization efforts.
Raquel Sierra Angulo — Chief Information Security Officer, Medvida Partners
Raquel Sierra Angulo leads information security at Medvida Partners, bringing experience across operational resilience and regulatory-driven programs. Her background includes DORA adaptation projects, third-party risk management, and assurance work tied to standards such as ISO 27001, SOC reporting, ISO 22301, and PCI DSS. She has also supported executive reporting through KPIs and dashboards, helping leadership teams track risk posture and remediation progress.
Ainhoa Garcia Odriozola — Chief Information Security Officer, Seguros Lagun Aro
Ainhoa Garcia Odriozola leads cybersecurity at Seguros Lagun Aro, with prior experience in networking and security leadership across large enterprise environments. Her background includes building and running network security functions, supporting operations and change management, and working across multiple service providers and complex infrastructure landscapes. That operational grounding is valuable for insurers where secure connectivity and reliable service delivery are foundational to customer trust.
Jaime Castro Montero — Chief Information Security Officer, MyInvestor
Jaime Castro Montero serves as CISO at MyInvestor after several years leading security in digital banking environments. His earlier experience includes extensive work on business continuity management and information security management systems aligned to ISO 22301 and ISO 27001, as well as audits and regulatory readiness efforts. This mix supports fast-growing digital organizations that need structured control frameworks without slowing product velocity.
Marta Flores Valverde — Chief Information Security Officer, Mutua Madrileña
Marta Flores Valverde leads security at Mutua Madrileña, with deep experience across security governance, business continuity, resilience exercises, and incident response. Her background includes ISO 27001-aligned governance, security architecture and policy development, crisis simulations, vulnerability management, forensics, and coordination of incident handling. She has also led security capabilities linked to payment environments and authentication services, supporting secure transactions and customer-facing services.
Gonzalo Asensio — Global Chief Information Security Officer, Bankinter
Gonzalo Asensio leads digital security and cybersecurity strategy across Bankinter’s group footprint, including multiple geographies and business units. His focus emphasizes security as a business enabler, building management teams and operating models that cover governance and prevention, cybersecurity execution, and detection and response. He is also active as a speaker and educator, sharing practical perspectives on aligning digital security with executive decision-making.
David Jorrín — Chief Information Security Officer, Ocaso
David Jorrín leads information security at Ocaso and brings long-term continuity in building and operating security functions over multiple decades. His experience includes departmental leadership in computer security, project delivery, operational security management, and security awareness. This sustained operational leadership is particularly relevant in insurance organizations where modernization must coexist with legacy platforms and long-lived core processes.
Víctor Hernández Martín — Cybersecurity Specialist, Office of the Chief Information Security Officer, ASISA
Víctor Hernández Martín supports cybersecurity strategy within the Office of the CISO at ASISA, working across metrics, executive reporting, incident response planning, and supplier cyber risk assessment. His experience includes secure development methodology implementation, vulnerability remediation tracking, pentest service management, SIEM governance support, and hardening guidance. His scope also includes work related to organizational alignment with insurance-focused regulatory expectations and broader resilience requirements.
Securing Claims, Customer Trust, and Operational Resilience
Insurance cybersecurity in Spain is as much about continuity as it is about defense. The leaders in this list reflect the realities of modern insurance operations: high dependency on third parties, constant digital interaction with customers and partners, and resilience requirements that span claims, assistance services, and core platforms. Their work shows how governance, incident readiness, and practical security engineering come together to protect policyholders and keep critical services available.