Experienced cybersecurity professional with a proven track record in risk management, security operations, and program management. Skilled in developing robust Risk Management Frameworks aligned with industry standards, such as NIST 800-53, and implementing effective security controls across diverse technical domains. Adept at leading multidisciplinary teams, conducting comprehensive security reviews, and delivering impactful security awareness campaigns to enhance organizational security posture. Demonstrated success in managing security services for global clients, overseeing compliance initiatives, and driving operational excellence. With a strong background in information security governance, vulnerability management, and audit compliance, I bring valuable expertise to any organization aiming to fortify its cybersecurity defenses and mitigate risks effectively.
GRC Analyst, Assima, Timișoara, Tm, Ro
Senior GRC Analyst, Assima, Apr 2024 - Present
• Develop, implement, and maintain a continual improvement program that covers all aspects of governance, risk, and compliance
• Ensure systems owned and operated by the IT, Security, and technical teams across the company are in conformance with the necessary security standards and guidelines.
• Risk management and audit preparation activities as well as scheduling and leading the execution of business continuity exercises and documentation
• Maintaining, updating, implementing, and ensuring the adherence of defined information security-related policies and procedures for the company.
• Manage compliance and improve business processes and operations by supporting a program of internal audits and external assessments against adopted standards (e.g. ISO 27001, ISO 27701, ISO20000, GDPR, etc.)
• Manage the continual flow of vendor security and data privacy questionnaires, liaising with internal teams where necessary to ensure timely completion.
• Responsible for risk management and audit preparation activities within the company
• Responsible for regular reporting of Key GRC metrics and risks to the Assima management, GRC Leadership, and other such key stakeholders.
• Leading incident management procedures within Assima covering information security and data privacy incidents.
Risk Management Consultant, United Nations, Aug 2023 - Mar 2024
At the United Nations, I was tasked with developing a Risk Management Framework aligned with NIST 800-53 and the organization's existing cybersecurity controls. Throughout this role, I accomplished the following:
- Developed a comprehensive control catalogue, encompassing critical areas of NIST standards and tailored for practical implementation within the UN.
- Crafted process documents, policies, and procedures across various technical domains including vulnerability management, application security, incident response, and access control.
- Successfully deployed a Governance, Risk, and Compliance (GRC) solution, specifically Eramba, to streamline and enhance risk management processes.
- Provided extensive guidance, training, and ongoing support to facilitate the operational adoption of the Risk Management Framework within the organization.
- Conceptualized and implemented Key Risk Indicators for all security controls, as well as a regular reporting cycle.
Senior Security Manager, Visma, Aug 2021 - Aug 2023
- Spearheaded the management of Visma's Password Manager service as Service Owner, overseeing its lifecycle from architectural design and budgeting to deployment and daily operations. Orchestrated a diverse team encompassing development, engineering, and support to achieve adoption and usage targets.
- Conceptualized and executed impactful security awareness campaigns covering various global and local business units, enhancing organizational security posture.
- Conducted comprehensive reviews of multiple application architectures developed by Visma to ensure alignment with established security standards and best practices.
- Demonstrated proficiency in designing and implementing robust security measures across a spectrum of security topics, fostering a culture of vigilance and compliance within the organization.
Managed Security Services Expert, Nokia, Nov 2019 - Aug 2021, Timişoara, Timiş, Romania
Part of a global team of security experts designing, implementing and managing security services, my main responsibilities were:
- Program Manager for a large, tri-service (Vulnerability Management, SIEM and Security Hardening) offering for a telco provider in the EU, from the big phase, through design, transition and transformation and down to operations
- Regular stakeholder management, program updates and reporting
- Managing a multinational program team from 5 different nations in the project phase, as well as several SOC resources in Operations
- Acting as an L3 engineer for Vulnerability Management for Nokia's SOC
- Security Officer for WING, Nokia’s IoT platform, where I offered security expertise to day-to-day operations, audit support (ISO 27001, SOC 1, SOC 2), change management and architecture reviews.
- Risk responsible for WING - where I had the task of performing a wide risk assessment, documenting risks as well as proposing a baseline of security controls (and attached KRIs) for these risks
Information Security Officer, Atos, May 2017 - Nov 2019, Timisoara Metropolitan Area
Part of the Risk, Audit, Compliance & Governance team, I held the role of Information Security Officer for several UK-based customers who contracted Managed Security Services from Atos. My main areas of responsibility were:
- Governing the client’s security postures on areas such as Risk Management, Vulnerability Management, Security Incidents & Reporting, Security Hardening, Patch management and others
- Creating tailored security controls for technical asset categories like Windows servers, Web servers, etc.
- Creating and maintaining risk registers and following Key Risk Indicators for all information security risks
- Owner of the Application Security area for multiple customers, which were DAST-type scans using Burp Suite
- Owner for both internal & external audits like ISO27001, ITCF or NIST
Security Operations Manager, Atos, Apr 2016 - May 2017, Timişoara, Timiş, Romania
As part of the GSA (Global Siemens Account), my role of Security Operations Manager entailed:
- Governance & management work in order to ensure that over 40,000 assets were compliant with Siemens-issued hardening guides called CERT Measure Plans
- Aligning, organizing work and communicating requirements across 7 global business units
- Creating reports and dashboard per technology, business unit and many more
- Regular stakeholder communications regarding project success
Andrei B. Education Details
Finance And Banking
Frequently Asked Questions about Andrei B.
What company does Andrei B. work for?
Andrei B. works for Assima.
What is Andrei B.'s role at the current company?
Andrei B.'s current role is GRC Analyst.
What schools did Andrei B. attend?
Andrei B. attended West University Of Timisoara.
Who are Andrei B.'s colleagues?
Andrei B.'s colleagues are Mehdi Ait, Elmamouni Mamoun, Paul Bilinkewycz, Clémentine Testemale, Sara Calatayud, Dean Malyon, Ramazan Halid.