Consultancy
I offer a comprehensive suite of services to help organizations navigate complex digital challenges. My expertise spans Compliance Consulting, Technology Leadership, Organizational Transformation, and Cyber Defense—tailored to support secure, efficient, and future-ready operations.
- Governance, Risk, Compliance (GRC) Consulting
- Privacy Engineering & Data Protection
- AI Strategy & Risk Management
- Technology Leadership
- Digital and Organizational Transformation
- Building Intelligence-Led Cyberdefense
1. Governance, Risk, Compliance (GRC) Consulting
I have experienced and understand how challenging it can be to introduce and operationalize compliance frameworks—especially in fast-moving environments. Information security feels “abstract”; hard to “grab”, hard to start, and unclear what needs to be done—and who should take ownership. Once implemented, the question becomes—how will it be embedded in daily operations? All while clients and partners expect certifications and adherence to standards.
Whether it’s ISO, SOC, AI-related standards, or “fresh” regulations like CRA and DORA, I’ve led compliance programs that not only met requirements but supported business growth—acquiring new leads and clients. My approach transforms regulatory pressure into structure, and long-term value—balancing the expectations of leadership, regulators, and customers alike.
Partnership opportunities (examples):
- Design, implementation, and continuous operation of leading compliance frameworks such as ISO 27001, SOC 2, SOX 404, DORA, EU CRA, and AI governance.
- GDPR advisory services, with a focus on translating legal requirements into actionable technical and organizational controls.
- Advisory and support for certification readiness, including gap analysis, risk assessments, audit preparation, and representation during audits.
- Acting as an Information Security Officer (ISO)—as mandated by some compliance frameworks—running and advising on your security operations, internal and external audits.
- Leveraging frameworks like the “Process–Risk–Control” (PRC) model.
- Development of a governance umbrella to unify fragmented compliance activities under a cohesive operating model.
- Transformation of static compliance functions into an adaptive, scalable, and automated GRC environment.
Three brief facts about me:
- Cross-sector expertise. I bring deep Governance, Risk, and Compliance (GRC) expertise from both the FinTech and InfoTech sectors, with experience spanning small enterprises to multinational organizations.
- Strategic & Hands-on execution. I’ve led the implementation and management of compliance programs including ISO 27001, SOC 2, and SOX 404—combining strategic oversight with practical experience in control readiness and audit execution.
- Versatile application. This dual perspective enables me to map, implement, and operate security programs across a wide range of industries and business environments.
Risk management | Certifications | Audit | Gap analysis | ISO - SOC - NIS - DORA - SOX | AI governance | Governance - risk - compliance (GRC) | Process - risk - controls (PRC) | Regulatory Risk | Operational Risk | Information security
Privacy Engineering & Data Protection
As part of my GRC Consulting services, I help you turn regulatory obligations into practical, scalable privacy programs (“what”) and their technology execution (“how”). Whether you're navigating GDPR, managing cross-border data flows, or embedding Privacy by Design into your systems, I translate legal and regulatory requirements into technical controls. From policy creation and Data Protection Impact Assessments (DPIA) facilitation to vendor assessments, I support your teams across legal, IT, and product functions.
- Designing and operationalizing GDPR-aligned and other privacy programs and requirements.
- “Matching” legal and technical requirements of Data Protection regulations.
- Conducting Data Protection Impact Assessments (DPIA) and risk-based vendor evaluations (mandated by ISO 27001, NIS2, DORA, etc.).
- Evaluating and creating data classification, data handling and data protection policies and procedures.
Data privacy | Impact assessment | Regulatory | GDPR | EU CRA | Data policies
AI Strategy & Risk Management
One of today’s most pressing challenges for organizations is not just adopting AI—but doing so responsibly. Without clearly defined guidelines, AI tools can be misused—leading to data leakage (e.g. sensitive information entered into GPT tools) or security vulnerabilities (e.g. insecure code generated by AI).
As part of my GRC Consulting services, I help you define how AI can be used safely and effectively across your business. From drafting AI policies and internal guidelines to ensuring compliance with emerging regulations like the EU AI Act, I work closely with your leadership, legal, and technical teams to establish clear, actionable guardrails. Whether it’s assessing third-party tools, supporting internal development, or ensuring transparency and risk mitigation, I enable your teams to leverage AI securely and compliantly—while driving performance and innovation.
- Assessing AI systems against regulatory frameworks like the EU AI Act.
- Creating AI guidelines and policies for company staff, enabling effective and safe utilization of available AI solutions.
- Designing governance models for (high-risk and generative) AI use cases at the company.
- Supporting AI risk classification, transparency, and human oversight mechanisms.
AI | AI Risk | Regulatory | EU CRA | Data leak
2. Technology Leadership
As a versatile technology leader, I support both interim and long-term assignments, bringing hands-on experience in guiding engineering, security, and IT organizations through their full lifecycle—from scale-up and transformation to day-to-day operations.
In rapidly changing environments, I help align teams and functions, streamline operational delivery, and embed security into the daily rhythm of the technology organization.
Typical areas where I can support your organization include:
- Operational leadership and oversight of already performing delivery teams,
- Implementing or revamping CI/CD pipelines to boost delivery efficiency,
- Enabling Agile delivery methodologies (e.g., Kanban, Scrum, ART, SAFe) tailored to your teams' real-world needs,
- Evolving Dev(Sec)Ops culture to align delivery and operations,
- Maturing SDLC and (Secure)SDLC processes for secure, resilient delivery,
- Optimizing business continuity and disaster recovery procedures.
Three brief facts about me:
- People-focused technologist. I bring real-world leadership experience in technology, cybersecurity, and IT operations, with a firm belief that people drive progress—supported by leadership and technology that empower them.
- Bridge-builder strategist. I speak both business and engineering, enabling alignment across product, security, development and leadership teams in complex, cross-functional environments.
- Security-aware delivery. From CICD to (Secure)SDLC, I embed governance and security into Agile technology delivery—ensuring innovation doesn’t compromise integrity or compliance.
CICD | (Secure)SDLC | Transformation | Ramp-up and scale | DevOps | DevSecOps | Operations | Agile | KanBan | Scrum | SAFe | ART | COB | Business continuity | Disaster recovery | Insourcing vs outsourcing | Horizontal vs vertical functions | Delivery | Leadership
3. Digital and Organizational Transformation
Technology transformation (such as moving from OnPrem to SaaS solutions) and operational shifts (revamping project teams to product-based delivery) require more than just planning. They demand trust, clear communication, and resilient teams, all anchored in strong and empathetic leadership. Change brings uncertainty, so before taking any step, it’s essential to understand what employees are experiencing. This is especially true during ramp-up phases or in times of serious challenge, like restructuring or COVID.
"Do employees understand your vision and mission? Do they feel heard, involved, and motivated? Is the organization and its leadership committed?"
Organizational change, particularly in cross-functional or newly formed teams, can lead to confusion or resistance—risking the very collaboration and performance the change is meant to enhance. To counter this, it’s essential to create a “safe harbour” where individuals feel supported, informed, and empowered to engage with confidence.
I bring experience in leading cross-functional transformations, (re)building teams, and developing internal communication strategies that align people with purpose. I partner with leadership to identify core challenges, define actionable next steps, and create momentum—step by step. I believe that success is defined by people and teams—with technology serving to enable and support them.
Partnership opportunities (examples):
- Strategic leadership and hands-on support for complex transformation programs—including organizational restructuring, financial alignment, and product roadmap evolution.
- Enablement of end-to-end change management, including scale-up/down scenarios and post-merger integration.
- Design and implementation of modern delivery/DevOps structures, including product-oriented and cross-functional team models, balancing horizontal and vertical alignments.
- Facilitation of cultural alignment through clear vision and mission setting, transparent communication strategies, and leadership coaching.
- Optimization of feedback and performance management systems (e.g., OKRs), fostering continuous improvement and accountability.
- Development of financial planning and forecasting models—including budgeting, cost allocation, and rolling forecasts—to increase agility and cost control.
Three brief facts about me:
- Hands-on leader. As a Managing Director, I bring practical experience in both technology and organizational transformation, including navigating complex challenges such as the COVID-19 crisis. My approach is grounded in real-world execution, far beyond theoretical frameworks.
- Managing challenging times. Throughout my career, I’ve supported the ramp-up of new teams and cohesion efforts, as well as managed the complexities of downsizing. Both require sensitivity, strategic thinking (see below), and strong communication—areas where my experience consistently delivers value.
- Strategic execution. Whether shifting from projects to products, or building new capabilities, every transformation includes financial, organizational, and human elements. My strategic mindset and experience allow me to manage these interconnected dimensions effectively.
Transformation | Ramp-up and scale | Vision - mission - communication transparency | Insourcing vs outsourcing | Horizontal vs vertical functions | OKRs and feedback | RACI and management | Rolling forecast vs budgeting | Cross-functional teams | Fusion center
4. Building Intelligence-Led Cyberdefense
Cybersecurity is often equated with technology—hardware, software, and the presence of a Security Operations Center (SOC). However, true cyber resilience goes far beyond technical infrastructure. Fragmented security functions that operate in silos—without integrated communication and information sharing—are at a distinct disadvantage compared to adversaries employing Advanced Persistent Threat (APT) techniques.
Effective cyber response requires coordinated operations among diverse security teams, supported by real-time intelligence sharing and joint situational awareness—often facilitated through a physical or virtual fusion center. For example, threat intelligence teams must analyze emerging risks and disseminate actionable insights; adversary analysis and SOC units must collaborate on attack vector investigations; and patch management teams need timely visibility into affected systems and vulnerabilities.
Establishing and operating a unified, intelligence-led cybersecurity capability—integrating security teams like Threat intelligence, Incident response, SOC, Cyber exercise, etc.—is a complex, enterprise-wide effort. It involves not only process and technology alignment, but also a strong human and communication component. Models such as “follow-the-sun” operations can further enhance efficiency, but also increase operational complexity.
I bring hands-on experience in building and scaling integrated cyber response capabilities, with a strong focus on governance, collaboration, and strategic alignment. My work includes implementing Common Operating Models and Governance Frameworks to strengthen incident response, improve coordination, and drive intelligence-led decision-making across cybersecurity functions.
Partnership opportunities (examples):
- Design and scaling of enterprise-grade overarching cybersecurity functions.
- Implementation of intelligence-led operating models, breaking down silos between security teams to drive coordinated, proactive defense.
- Creation of governance frameworks and operational / cyber response playbooks to standardize response, streamline collaboration, and enable shared situational awareness.
- Deployment of “follow-the-sun” and globally distributed cyber operations models for continuous threat monitoring and rapid response.
- Alignment of cybersecurity operations with compliance and audit requirements, ensuring security posture meets both internal and external expectations.
Three brief facts about me:
- Hands-on experience. At the Cyber Security Fusion Center (CSFC, ~50 employees across 10 teams), I supported the implementation of a Common Operating Model and Governance Framework to enhance crisis response capabilities and improve collaboration across our cyber defense teams.
- Threat intelligence leadership. I led and scaled the EMEA Cyber Threat Intelligence Analysis function, integrating it into the broader CSFC. I focused on identifying and contextualizing emerging threats, transforming them into actionable insights for both defensive strategy and executive communication.
- Compliance-driven technical insight. My strong technical foundation, combined with a deep understanding of compliance, enables me to bridge operational cybersecurity with regulatory and governance requirements—ensuring both security effectiveness and audit readiness.
Cybersecurity | Ramp-up and scale | Fusion Center | Threat Intelligence | Intelligence-Led Cyber | Transformation | Cyber Strategy & Operations | Cross-functional teams
Full-time
I’m excited about the opportunity to engage in a full-time role where I can contribute strategically, operationally, and technically. I thrive in fast-paced, mission-driven environments and believe that empowering people and building strong team spirit are key to long-term success—especially in challenging times like COVID-19 or a high-inflation economy.
My background spans technology leadership & transformation, compliance and cybersecurity, but my core drive is always the same: creating clarity, boosting efficiency, and moving things forward. I take ownership, build bridges, and connect the dots across people and goals.
With roots in software engineering, I bring strong technical empathy—while genuinely enjoying working with people and engaging with clients.
I’m adaptable, resilient, and eager to be part of something meaningful over the long term.
(For further details, please check the .:Consultancy:. section of my portfolio.)