Intro

“As a technology leader, I'm passionate about empowering people.
Smart security drives trust and business growth.”

About me

My name is Akos Kovacs, an Information Security professional and IT leader. With a diverse background in risk & compliance, IT delivery & operations, and cybersecurity, I bring hands-on, cross-functional experience to align technology with business goals.

Please see below some of my career highlights:

Technology leadership

  • As Technology Manager I’ve led and scaled an IT company (70+ employees, €5M/y), driving technology and organizational transformation, delivery excellence, and business resilience during challenging times (e.g. COVID).
  • As Head of Operations & IT, I shaped the company’s digital backbone—defining IT strategy, building and optimizing core processes, and overseeing financial operations.

Governance, Risk, Compliance (GRC)

  • As Head of Compliance and Data Privacy Officer, I have hands-on experience in the end-to-end implementation and operation of ISO 27001 and SOC 2 frameworks. I’ve also led complex InfoSec initiatives—including DORA, GDPR, and AI readiness—by integrating compliance into the technology roadmap to support business growth.
  • As IT Governance, Risk, Compliance (GRC) Lead I led information security initiatives in the banking sector, driving efforts to minimize operational and technology risks while strengthening security controls and supporting audits.
  • As Cybersecurity Manager, I played a key role in implementing a Common Operating Model and Governance Framework for the Cyber Security Fusion Center (CSFC), improving crisis response and collaboration, while maintaining ISO 27001 readiness. I led the EMEA Cyber Threat Intelligence function and represented the cyber mission with clients and senior stakeholders.

Hands-on technology background

  • Earlier in my career I led diverse (ITIL) teams and client-facing projects across (Agile) software development and DevOps—managing initiatives with budgets up to $1.5M/y and teams of up to 10 professionals in both direct and matrix structures. My hands-on experience also includes developing databases, writing technology tenders, and implementing CRM systems and web-based solutions.

Whether you’re seeking compliance / technology expertise or an experienced InfoSec / InfoTech leader to drive complex initiatives and boost operational efficiency, I’d be happy to connect.

Philosophy

People drive progress—it's leadership and technology that empower them to make it happen.

  • Listen to people. Talk to people. People are the organization—and without them, there is no delivery. They may have good days and bad days, but open, honest, and transparent communication builds trust, understanding, and resilience. People want to be heard—and they notice when they aren’t. When we communicate clearly and truthfully, they reflect that. But when reality is bent and facts are sugar-coated, uncertainty and detachment begin to grow.
  • Success is defined by the teams. Technology supports it. Cutting-edge tools can be powerful enablers—but they don’t stand on their own. It's a strong company culture and embraced mission that actually deliver results. With a clear, realistic vision, and the freedom to do their best work, teams can maximize any technology. But without great teams, even the best tools won’t solve fundamental challenges.
  • If there’s a more effective way, do it. A better way is always worth exploring. Innovation often comes from questioning “how we’ve always done it.” That doesn’t mean change for the sake of change—but good ideas should be encouraged and challenged. Refusing to evolve means falling behind, especially if others are willing to move forward.
  • Don’t fix what isn’t broken. Transforming operations carries risk—especially when done without context. Just because a method or technology is trending doesn’t mean it’s right for your team. If your delivery is working well, stay informed, but don’t feel pressured to overhaul what’s already effective. Stability has value.
  • Avoid zero-sum leadership. “Giving with one hand and taking with the other” creates confusion and frustration. Local, short-term fixes that cause problems elsewhere aren’t real improvements—they just shift the burden. Cost-cutting that harms morale or performance comes at a long-term cost. A systems-level view can reveal more sustainable, positive solutions.

Consultancy

I offer a comprehensive suite of services to help organizations navigate complex digital challenges. My expertise spans Compliance Consulting, Technology Leadership, Organizational Transformation, and Cyber Defense—tailored to support secure, efficient, and future-ready operations.

  1. Governance, Risk, Compliance (GRC) Consulting
  2. Privacy Engineering & Data Protection
  3. AI Strategy & Risk Management
  4. Technology Leadership
  5. Digital and Organizational Transformation
  6. Building Intelligence-Led Cyberdefense

1. Governance, Risk, Compliance (GRC) Consulting

I have experienced and understand how challenging it can be to introduce and operationalize compliance frameworks—especially in fast-moving environments. Information security feels “abstract”; hard to “grab”, hard to start, and unclear what needs to be done—and who should take ownership. Once implemented, the question becomes—how will it be embedded in daily operations? All while clients and partners expect certifications and adherence to standards.

Whether it’s ISO, SOC, AI-related standards, or “fresh” regulations like CRA and DORA, I’ve led compliance programs that not only met requirements but supported business growth—acquiring new leads and clients. My approach transforms regulatory pressure into structure and long-term value—balancing the expectations of leadership, regulators, and customers alike.

Partnership opportunities (examples):

  • Design, implementation, and continuous operation of leading compliance frameworks such as ISO 27001, SOC 2, SOX 404, DORA, EU CRA, and AI governance.
  • GDPR advisory services, with a focus on translating legal requirements into actionable technical and organizational controls.
  • Advisory and support for certification readiness, including gap analysis, risk assessments, audit preparation, and representation during audits.
  • Acting as an Information Security Officer (ISO), as mandated by some compliance frameworks, running and advising on your security operations, internal and external audits.
  • Leveraging frameworks like the “Process–Risk–Control” (PRC) model.
  • Development of a governance umbrella to unify fragmented compliance activities under a cohesive operating model.
  • Transformation of static compliance functions into an adaptive, scalable, and automated GRC environment.

Three brief facts about me:

  • Cross-sector expertise. I bring deep Governance, Risk, and Compliance (GRC) expertise from both the FinTech and InfoTech sectors, with experience spanning small enterprises to multinational organizations.
  • Strategic & Hands-on execution. I’ve led the implementation and management of compliance programs including ISO 27001, SOC 2, and SOX 404—combining strategic oversight with practical experience in control readiness and audit execution.
  • Versatile application. This dual perspective enables me to map, implement, and operate security programs across a wide range of industries and business environments.

Risk management | Certifications | Audit | Gap analysis | ISO - SOC - NIS - DORA - SOX | AI governance | Governance - risk - compliance (GRC) | Process - risk - controls (PRC) | Regulatory Risk | Operational Risk | Information security


Privacy Engineering & Data Protection

As part of my GRC Consulting services, I help you turn regulatory obligations into practical, scalable privacy programs (“what”) and their technology execution (“how”). Whether you're navigating GDPR, managing cross-border data flows, or embedding Privacy by Design into your systems, I translate legal and regulatory requirements into technical controls. From policy creation and Data Protection Impact Assessments (DPIA) facilitation to vendor assessments, I support your teams across legal, IT, and product functions.

  • Designing and operationalizing GDPR-aligned and other privacy programs and requirements.
  • “Matching” legal and technical requirements of Data Protection regulations.
  • Conducting Data Protection Impact Assessments (DPIA) and risk-based vendor evaluations (mandated by ISO 27001, NIS2, DORA, etc.).
  • Evaluating and creating data classification, data handling and data protection policies and procedures.

Data privacy | Impact assessment | Regulatory | GDPR | EU CRA | Data policies


AI Strategy & Risk Management

One of today’s most pressing challenges for organizations is not just adopting AI—but doing so responsibly. Without clearly defined guidelines, AI tools can be misused—leading to data leakage (e.g. sensitive information entered into GPT tools) or security vulnerabilities (e.g. insecure code generated by AI).

As part of my GRC Consulting services, I help you define how AI can be used safely and effectively across your business. From drafting AI policies and internal guidelines to ensuring compliance with emerging regulations like the EU AI Act, I work closely with your leadership, legal, and technical teams to establish clear, actionable guardrails. Whether it’s assessing third-party tools, supporting internal development, or ensuring transparency and risk mitigation, I enable your teams to leverage AI securely and compliantly—while driving performance and innovation.

  • Assessing AI systems against regulatory frameworks like the EU AI Act.
  • Creating AI guidelines and policies for company staff, enabling effective and safe utilization of available AI solutions.
  • Designing governance models for (high-risk and generative) AI use cases at the company.
  • Supporting AI risk classification, transparency, and human oversight mechanisms.

AI | AI Risk | Regulatory | EU CRA | Data leak


2. Technology Leadership

As a versatile technology leader, I support both interim and long-term assignments, bringing hands-on experience in guiding engineering, security, and IT organizations through their full lifecycle—from scale-up and transformation to day-to-day operations.

In rapidly changing environments, I help align teams and functions, streamline operational delivery, and embed security into the daily rhythm of the technology organization.

Typical areas where I can support your organization include:

  • Operational leadership and oversight of already performing delivery teams,
  • Implementing or revamping CI/CD pipelines to boost delivery efficiency,
  • Enabling Agile delivery methodologies (e.g.: Kanban, Scrum, ART, SAFe) tailored to your teams' real-world needs,
  • Evolving Dev(Sec)Ops culture to align delivery and operations,
  • Maturing SDLC and (Secure)SDLC processes for secure, resilient delivery,
  • Optimizing business continuity and disaster recovery procedures.

Three brief facts about me:

  • People-focused technologist. I bring real-world leadership experience in technology, cybersecurity, and IT operations, with a firm belief that people drive progress—supported by leadership and technology that empower them.
  • Bridge-builder strategist. I speak both business and engineering, enabling alignment across product, security, development and leadership teams in complex, cross-functional environments.
  • Security-aware delivery. From CICD to (Secure)SDLC, I embed governance and security into Agile technology delivery—ensuring innovation doesn’t compromise integrity or compliance.

CICD | (Secure)SDLC | Transformation | Ramp-up and scale | DevOps | DevSecOps | Operations | Agile | KanBan | Scrum | SAFe | ART | COB | Business continuity | Disaster recovery | Insourcing vs outsourcing | Horizontal vs vertical functions | Delivery | Leadership


3. Digital and Organizational Transformation

Technology transformation (such as moving from OnPrem to SaaS solutions) and operational shifts (revamping project teams to product-based delivery) require more than just planning. They demand trust, clear communication, and resilient teams, all anchored in strong and empathetic leadership. Change brings uncertainty, so before taking any step, it’s essential to understand what employees are experiencing. This is especially true during ramp-up phases or in times of serious challenge, like restructuring or COVID.

"Do employees understand your vision and mission? Do they feel heard, involved, and motivated? Is the organization and its leadership committed?"

Organizational change, particularly in cross-functional or newly formed teams, can lead to confusion or resistance—risking the very collaboration and performance the change is meant to enhance. To counter this, it’s essential to create a “safe harbour” where individuals feel supported, informed, and empowered to engage with confidence.

I bring experience in leading cross-functional transformations, (re)building teams, and developing internal communication strategies that align people with purpose. I partner with leadership to identify core challenges, define actionable next steps, and create momentum—step by step. I believe that success is defined by people and teams—with technology serving to enable and support them.

Partnership opportunities (examples):

  • Strategic leadership and hands-on support for complex transformation programs—including organizational restructuring, financial alignment, and product roadmap evolution.
  • Enablement of end-to-end change management, including scale-up/down scenarios and post-merger integration.
  • Design and implementation of modern delivery/DevOps structures, including product-oriented and cross-functional team models, balancing horizontal and vertical alignments.
  • Facilitation of cultural alignment through clear vision and mission setting, transparent communication strategies, and leadership coaching.
  • Optimization of feedback and performance management systems (e.g., OKRs), fostering continuous improvement and accountability.
  • Development of financial planning and forecasting models—including budgeting, cost allocation, and rolling forecasts—to increase agility and cost control.

Three brief facts about me:

  • Hands-on leader. As a Managing Director, I bring practical experience in both technology and organizational transformation, including navigating complex challenges such as the COVID-19 crisis. My approach is grounded in real-world execution, far beyond theoretical frameworks.
  • Managing challenging times. Throughout my career, I’ve supported the ramp-up of new teams and cohesion efforts, as well as managed the complexities of downsizing. Both require sensitivity, strategic thinking (see below), and strong communication—areas where my experience consistently delivers value.
  • Strategic execution. Whether shifting from projects to products, or building new capabilities, every transformation includes financial, organizational, and human elements. My strategic mindset and experience allow me to manage these interconnected dimensions effectively.

Transformation | Ramp-up and scale | Vision - mission - communication transparency | Insourcing vs outsourcing | Horizontal vs vertical functions | OKRs and feedback | RACI and management | Rolling forecast vs budgeting | Cross-functional teams | Fusion center


4. Building Intelligence-Led Cyberdefense

Cybersecurity is often equated with technology—hardware, software, and the presence of a Security Operations Center (SOC). However, true cyber resilience goes far beyond technical infrastructure. Fragmented security functions that operate in silos—without integrated communication and information sharing—are at a distinct disadvantage compared to adversaries employing Advanced Persistent Threat (APT) techniques.

Effective cyber response requires coordinated operations among diverse security teams, supported by real-time intelligence sharing and joint situational awareness—often facilitated through a physical or virtual fusion center. For example, threat intelligence teams must analyze emerging risks and disseminate actionable insights; adversary analysis and SOC units must collaborate on attack vector investigations; and patch management teams need timely visibility into affected systems and vulnerabilities.

Establishing and operating a unified, intelligence-led cybersecurity capability—integrating security teams like Threat intelligence, Incident response, SOC, Cyber exercise, etc.—is a complex, enterprise-wide effort. It involves not only process and technology alignment, but also a strong human and communication component. Models such as “follow-the-sun” operations can further enhance efficiency, but also increase operational complexity.

I bring hands-on experience in building and scaling integrated cyber response capabilities, with a strong focus on governance, collaboration, and strategic alignment. My work includes implementing Common Operating Models and Governance Frameworks to strengthen incident response, improve coordination, and drive intelligence-led decision-making across cybersecurity functions.

Partnership opportunities (examples):

  • Design and scaling of enterprise-grade overarching cybersecurity functions.
  • Implementation of intelligence-led operating models, breaking down silos between security teams to drive coordinated, proactive defense.
  • Creation of governance frameworks and operational / cyber response playbooks to standardize response, streamline collaboration, and enable shared situational awareness.
  • Deployment of “follow-the-sun” and globally distributed cyber operations models for continuous threat monitoring and rapid response.
  • Alignment of cybersecurity operations with compliance and audit requirements, ensuring security posture meets both internal and external expectations.

Three brief facts about me:

  • Hands-on experience. At the Cyber Security Fusion Center (CSFC, ~50 employees across 10 teams), I supported the implementation of a Common Operating Model and Governance Framework to enhance crisis response capabilities and improve collaboration across our cyber defense teams.
  • Threat intelligence leadership. I led and scaled the EMEA Cyber Threat Intelligence Analysis function, integrating it into the broader CSFC. I focused on identifying and contextualizing emerging threats, transforming them into actionable insights for both defensive strategy and executive communication.
  • Compliance-driven technical insight. My strong technical foundation, combined with a deep understanding of compliance, enables me to bridge operational cybersecurity with regulatory and governance requirements—ensuring both security effectiveness and audit readiness.

Cybersecurity | Ramp-up and scale | Fusion Center | Threat Intelligence | Intelligence-Led Cyber | Transformation | Cyber Strategy & Operations | Cross-functional teams


Full-time

I’m excited about the opportunity to engage in a full-time role where I can contribute strategically, operationally, and technically. I thrive in fast-paced, mission-driven environments and believe that empowering people and building strong team spirit are key to long-term success—especially in challenging times like COVID-19 or a high-inflation economy.

My background spans technology leadership & transformation, compliance and cybersecurity, but my core drive is always the same: creating clarity, boosting efficiency, and moving things forward. I take ownership, build bridges, and connect the dots across people and goals.

With roots in software engineering, I bring strong technical empathy—while genuinely enjoying working with people and engaging with clients.

I’m adaptable, resilient, and eager to be part of something meaningful over the long term.

(For further details, please check the Consultancy section of my portfolio.)

Highlights & CV

With a diverse background in Information Technology, Information Security and Cybersecurity, I’ve held multiple leadership and hands-on technical roles—often in parallel. Here are five key highlights from my career:

Strategy & Technology delivery

  • Strategic management: scaling and leading an IT company to 70+ employees as Managing Director (MD). Driving strategic planning and operational / technology transformation as Head of Operations & IT.
  • Technology leadership & Delivery: various technical leadership roles—spanning Dev(Sec)Ops, CICD, product and project delivery, support and application portfolio management. Delivering & operating within Agile and ITIL frameworks, and acting as the First Point of Contact / Technology Partner for clients and business owners.

InfoSec & CyberSec

  • Security & Compliance: 6+ years in security-related roles, including mid-sized and multinational companies, acting as a Head of Compliance. Implemented and operated various compliance frameworks (e.g. ISO, SOC), transformed regulatory requirements into business enablers (e.g. DORA, CRA, AI initiatives), and managed both operational and regulatory risk in IT and Banking.
  • Cybersecurity: 4 years in cybersecurity leadership, building cross-functional collaboration & functions across cybersecurity teams. Strengthening cyber resilience capabilities by implementing a Common Operating Model and Governance Framework. Improving incident response, managing a Threat Intelligence function. Engaged with clients, representing the organization’s cyber mission.

Hands-on background

  • Technical foundation: hands-on experience in software engineering with a strong focus on DevOps, CRM, PHP, Java, JS, and database architectures.

Download my printable CV (PDF) for a concise overview of my background.

For a complete overview of my professional background, please visit my LinkedIn profile.
