Overall responsibility as CISO in the DORA program for developing and updating the Management System for Information Security based on DORA and the introduction into the organization. Within the DORA program also responsibility as project manager for "Security & Operation", as well as expert resource as information security specialist within the other projects (e.g. Management (Governance), Risk management within the IT processes, Test program / framework, Incident management, continuity).Operational Cooperation manager towards IT management (LIS and DORA), as well as part of DORA's reference group in the role of DORA CISO.

Overall responsible for the operational IT security work, to ensure that security requirements are developed in such a way that the authority's IT strategy is realized and become clear to the authority.Close collaboration with system owners, projects, and functions in the line organization, to guide the development and management of security architecture and safety requirements and support the activities in its implementation.Seeing security solutions and improvements in their entirety, with a pragmatic balance between requirements, economy and needs.Part of the authority's expert team against other authorities and organizations.

MissionAs a project manager and internal control specialist, facilitate the establishment of Corporate Governance Risk Management (ERM) with the implementation of an Integrated Risk Management (IRM) system (ServiceNow), as well as to improve the work with internal controls. With the goal of supporting the functions and brands in their risk management and internal control processes.ActivitiesTo analyse functional managers and all brands in their risk management and internal control processes:Enterprise Risk Management (ERM), Risk and Control framework, joint governance taxonomy, Operational Risk Assessments (ORA), Governance Policy, Principles, GRC guidelines, defining future work practices, Policy control implementation, Risk assurance mapping, 3 lines of internal control and implementation of compliance framework.ResultsFeasibility study completed and planning for the introduction of new processes and a ServiceNow based GRC framework.

MissionThe Group (IT) Regulatory Compliance department provides objective supervision, challenge, and legal advice on the interpretation of (IT) laws and regulations on compliance and on the implementation of appropriate controls of the first defense functions.ActivitiesThe most important recurring activities in this function are: Perform supervision, advice, and guidance; Monitoring and reporting; and Review and challenge in relation to IT regulation; adaptation and implementation of the framework to statutory expectations and requirements through the first and second LoD.In addition, act as a subject expert (SME) in various programs, projects, and the Competence Center (CoE) in IT related areas.ResultsBuilt up from the ground a new 2nd line of defense (LoD) function "IT Regulatory Compliance" in Group Compliance as part of Data Protection Compliance to provide an overview of IT compliance with regulatory requirements. This meant producing basic governing documents, work instructions and tools, then implementing the new framework for IT compliance and building the organization required to handle all activities and approved requirements on an annual lifecycle basis (Business as usual), with a national presence in each initially decided country within the bank.The function includes cooperation with the 3 different lines of defense, including internal audit, legal units, risk functions and the operational activities as well as the primary contact person (subject matter expert) for IT regulatory issues for other compliance functions and initiatives within the bank's operations.

Overall responsibility for the operational IT security work and that security requirements was developed in such a way that the authority's IT strategy was realized and became clear to the authority.Manage the development and management of security architecture and security requirements and support the activities in its implementation. The controls framework included regulatory obligations (e.g., MSB 2020: 6/7/8), policy requirement and applicable standards (ISO 27001, 27701).Shape and develop the operational IT security work within the authority as well as collaboration with other authorities (suppliers) with service agreements and systematic follow-up of services and security compliance.Responsible for seeing solutions and improvements in the entity based on the needs of the business, e.g., management of cloud services and products, security training and introduction of systematic approach to compliance (GRC). Manage and explain security requirements with a pragmatic balance between regulatory requirements, financial impact and actual business needs.Act as the agency's IT security SME and be one of the agency's experts against other authorities (e.g., the Swedish Social Insurance Agency, the Police, the Swedish Tax Agency) and other organizations (e.g., SKR and the National Audit Office).This resulted in the delivery of new improved service agreements 2021 (with the Swedish Tax Agency) to include the new MSB regulations, a transparent systematic follow-up and improvement of operational security as well as clearer transparency of IT security costs and services.Business development deliveries included the start of a forum for collaboration in cloud services and security training, as well as a feasibility study for the introduction of GRC within the authority.

Internal controller for IT-security (ITGC) and IT complianceThe IT unit at Länsförsäkringar AB is responsible for ensuring that the Group has a modern,efficient, stable and secure IT environment. As Internal Controller for the ITGC to coordinate, assist and guide the IT operations and business operatives in the control framework.

Sentor is a cyber security company that works to protect socially important digital functions and organizations' business activities, against current and future cyber threats. Sentor has security services in the areas; managerial security, information security and technical IT security.

Ikano is an international, family owned group of companies. Ikano was established in 1988 and develops, owns and manages companies in the areas of asset management, finance, insurance, real estate and retail.Assignment: Make sure that IT is compliant with the applicable laws, regulations, internal policies and guidelines. Within IT we try to work across functional teams to secure clear IT processes, effective IT controls to support business requirement, continuity and recovery. In addition, I work with measurements including key risk indicators (KRIs) and key performance indicators (KPIs) to ensure performance and deliveries of the IT organization related to IT compliance. I also work closely with the compliance and risk, as well as audit functions, to support the establishment of the risk and control culture within the IT organisation. By this the GRC aspects of information security and GDPR are sufficiently in-place, continuously improved and monitored.Why is the work important?There are several benefits working with compliance, in addition to the obvious ones like avoiding fines and penalties, you have improved quality of service, IT security, communications and overall business practice.What’s the biggest challenge?It’s to balance the level of compliance and how we are to prioritise and plan our resources. What’s the biggest misconception about the work?That it’s a burden, unnecessary and time consuming work and I believe some find it annoying. But for me it’s simple it’s business development and quality assurance. Together we create industry and security awareness, improve the quality of our services and help create sustainability.

Acando is a management and IT consulting firm that implements sustainable business improvements through information based on and technology. Customer project assignment: The objective was to integrate the acquired market leader in Germany into the existing German operations, change the business processes & organization, and adapt current application landscape following Group standards.My role was to manage the business transformation as program manager with several individual parallel IT projects for implementation of new business processes, ERP & BI migrations (IFS and SAP), Database migration and field force mobility tools, with the support of the management teams on Group level and German management teams while the German operations going through a major re-structuring.Manage the internal IT resources and multiple external suppliers from Germany, India and Sweden.

Establish a Nordic sales branch for European Hardware Solutions BV (HQ in Rijen, The Netherlands). The objective is to expand and increase the sales in the Swedish and Nordic market. My role is to manage the business establishment, development and customer/supplier contacts with the support of the management team and back-office from the head-office in The Netherlands.

Busines Unit CIO for Northern Europe & International for Akzo Nobel Decorative Coatings in Malmö/Stockholm in Sweden and last year in Warzaw/Poland. Member of the corporate Akzo Nobel IT steering committe and responsible for a number of IT infrastructure Akzo Nobel projects. Responsibilities:- Extended Global set of responsibilities for business IT systems within the business unit and development of shared services. - Geographic area included Baltic countries, China, Europe, North Africa, Russia, South America and Ukraine.- Operational budget of €11 million excluding project budgets for ERP implementation and IT infrastructure projects.- 9 direct reports.- UK and Ireland IT disentanglement dictated by the EU competition law regulation after Akzo Nobel acquired ICI group.Results:- A well functioning Global IT service organisation within the business unit.- Established and implemented global standards replacing “islands of technology” in existence at the time. The goal of deployment was to enhance the business units’ operational productivity while controlling costs and laying foundation for potential future changes. - Once the benefits of deployment began to be realized and recognized across the organization, co-operation and willingness to adopt the new systems improved. This benefited in a number of subsequent business re-organizations, mergers and acquisitions, allowing for faster and less risky integration. - As the business demands grew in an ever more security and compliance conscious climate the “ONE” solution supplier strategy was created and work concentrated on implementation of Line of Business, WAN, messaging, shared purchasing, security & Sarbanes Oxley (SOX) compliance solutions.Additional information:- During these years I travelled extensively, frequently visiting country entities, working closely with all the business units as well as a number of suppliers, including Microsoft in Seattle and Cisco in San Diego.

Senior Business Consultant for Akzo Nobel’s IT division in Arnhem, The Netherlands. Advisor to the Akzo Nobel project steering committe for financial consolation.Responsibilities:- Business and Technical Project Manager for the 1st Global consolidation project for financial reporting. With direct reporting to the CFO, tasked with implementation of a consolidated worldwide solution for approximately 1600 Akzo Nobel operational units.- 5 direct reports. Results:- A very successful project implementation in a political mine field and global complexity, within budget and timeframes. - Establishment of governance and support organisation to maintain the services after the project was completed.Additional information:- Started my employment at Akzo Nobel AIS division, which was completely outsourced to Atos Origin during the project and when completed was the 1st person drafted back to Akzo Nobel.

Corporate CIO for Intrum Justitia in Amsterdam, The Netherlands. Interim IT manager for the Swedish companies, in 1998-1999.Responsibilities:- Chairman in the corporate IT governance group and IT representative in the corporate management team. - IT services and business applications for Intrum Justitia in all operational countries.- Geographic area: Europe.- Corporate IT budget and local budgets for ERP implementation and IT infrastructure projects. - 8 direct reportsResults:- Restructuring of business unit IT services and responsibilities to one shared organisation.- Implementation of shared business applications and IT infrastructure services within the group.- Established a corporate competence centre for software development and project organization for the new corporate debt collection business application. - Roll-out on country level of the new ERP system, with operational models for adoptions were developed and a focus on continuous improvements on a country by country basis.

Business Unit CIO for Intrum Justitia International in Amsterdam, The Netherlands. Responsibilities:- Member of the corporate IT governance group and IT representative in the business management team. - IT services and business applications for Intrum Justitia International.- IT services for the corporate centralized data centre hub.- Geographic area: Europe.- Business unit IT budget and local budgets for ERP implementation and IT infrastructure projects.- 3 direct reportsResults:- Implementation of shared corporate data centre hub with the associated IT operational services including internet, intranet, managed IT security and compliance.- Roll-out on country level of the International ERP system, with operational models for adoptions were developed and a focus on continuous improvements on a country by country basis.

Business Unit IT Coordinator for Intrum Justitia International in Stockholm, Sweden and Amsterdam, The Netherlands. Responsibilities:- Responsible technical project manager in the implementations and training of users in newly established offices for Intrum Justitia International. - Support corporate CIO in IT infrastructure projects. Results:- Successful local implementations and training of users in newly established offices in Belgium, France, Germany, Italy, Nordic, Spain, The Netherlands, UK and the Dutch Antilles. - Design and implementation of the first wide area network connecting all Intrum Justitia offices and providing an internal messaging system and IT security services.

Analyst & Developer for Intrum Justitia in Gothenburg and Stockholm, Sweden. Responsibilities:- Business analysis, development and maintenance of the debt collection software systems for Intrum Justitia Inkassobevakning AB in Sweden. Results:- Develop new and continuously improve the existing system, to meet new legal requirements while reducing the manual input (target of less than 2 %).

Software developer for Teli in Nynäshamn, Sweden. Responsibilities:- Development of software for the AXE PBX system, in close co-operation with LM Ericsson and testing in their test labs. Results:- Delivery with excellent quality and high volumes of software modules.