// Profile
I build security programs that survive audits — and incidents.
For nearly a decade I've worked at the intersection of cybersecurity, risk, and compliance — first inside large regulated enterprises, then as a Big-4 consultant, and today as an independent ISO/IEC 27001 Lead Auditor.
My work avoids two common traps: compliance theatre that doesn't reduce risk, and security architecture that auditors can't evidence. Every engagement I deliver is grounded in defensible documentation, measurable controls, and operational habits your team can actually sustain.
Certifications
- ISO/IEC 27001:2022 Lead Auditor
- ISO/IEC 27005 Risk Manager
- CISA (Information Systems Auditor)
- NIST CSF Practitioner
- GDPR Practitioner
Frameworks
ISO 27001/27002/27005 · NIST CSF 2.0 · NIST 800-53 · SOC 2 · GDPR · PCI DSS · COBIT
// Experience
A track record across sectors.
Independent GRC Analyst & Lead Auditor
Self-employed
Advisory and audit engagements across fintech, SaaS, and healthtech clients in the EU, UK and MENA.
Senior GRC Consultant
Big-4 Cyber Practice
Led ISO 27001 and SOC 2 readiness programs for regulated financial institutions.
Information Security Analyst
Enterprise SaaS
Built the second-line risk function and ran the internal audit program.