GRC Framework:- Developed a comprehensive Governance, Risk, and Compliance (GRC) framework aligned with ISO 27001, NIST, and PCI standards.- Implemented company-wide GRC policies and procedures from the ground up.Risk management:- Introduced and managed a third-party risk management program to ensure vendor compliance and security.Compliance Program:- Ensured compliance with regulatory requirements, including GDPR, SOX, and industry-specific standards.- Spearheaded annual policy reviews and updates to keep pace with evolving legal and regulatory changes.Team Development:- Built and mentored a high-performing GRC team, fostering a culture of continuous improvement.- Provided training and development opportunities, enhancing team skills and knowledge.Strategic Initiatives:- Aligned GRC efforts with business objectives to support strategic goals.- Played a key role in mergers and acquisitions, performing due diligence and integrating GRC requirements.

Temporary acting DPO. Responsible for ensuring that GDPR compliance audits are performed, and educating the company and employee on compliance requirements.Serving as the point of contact between Unity and Supervisory Authorities.

Responsible for the development and establishment of the information security function at Trustpilot, with the goal of ensuring Trustpilot's information security readiness for a possible IPO and SOX complianceThis includes:- Performing IT risk assessment- Development of information security policies (based on ISO 2700x)- Mapping of regulatory and compliance requirements- Optimization of processes- BCM- Assessment of information security controls

Development and maintenance of local information security policies derived from global RSA policies, mapping of regulatory and compliance requirements for the Nordics and Business Continuity Management.Responsible for Business Continuity Management for Codan and Trygg-Hansa in the Nordics, with the responsibility of maintaining the BCM framework, conducting exercises, reporting to the BCM board and RSA.

IT Audit:Assessments of IT controls to support audit teams performing statutory audits on behalf of a range of private and public sector clients.Audits have included:- Risk assessment and identification of key control for testing- Assessments of IT controls- ISO 2700x compliance- Maturity of controls and process in the IT department- Verifying that the contractual requirements are being delivered

IT Audit:Assessments of IT controls to support audit teams performing statutory audits on behalf of a range of private and public sector clients. Audits involved identifying risks and testing general IT and application controls to obtain assurance that key IT controls are operating effectively. In scope areas can include IT security, operations and change control for applications and infrastructure, and issuing recommendations to clients to address control deficiencies or deviations.Audits have included:- Risk assessment and identification of key control for testing- Assessments of IT controls- ISO 2700x compliance- SOX audit- Maturity of controls and process in the IT department- Verifying that the contractual requirements are being deliveredData Analytics:Worked on a number of engagements that involved using computer assisted audit tools such as ACL and MS-SQL.