As an Information Security Consultant, I support clients across Europe in strengthening their cybersecurity posture and achieving regulatory compliance. I conduct comprehensive information security risk assessments, gap analyses, and readiness assessments against TISAX, CRA, FINMA and other standards, while implementing and maintaining ISO 27001-aligned Information Security Management Systems (ISMS). My responsibilities include performing ITGC and ITAC control testing, developing and reviewing security policies and procedures, supporting audit readiness initiatives, and ensuring alignment with frameworks such as ISO 27001, NIS2, DORA, GDPR, NIST, COBIT, and COSO. I also lead third-party and vendor risk assessments, facilitate security awareness training, and provide continuous monitoring and remediation guidance to reduce operational and compliance risks. I collaborate closely with stakeholders across IT, operations, and management to design practical, risk-based security controls that enhance resilience and support business objectives.
Led comprehensive IT audits across finance, operations, and security functions, applying risk-based audit methodologies to identify control gaps and strengthen IT governance. Performed IT General Controls (ITGC) testing, including logical and physical access controls, change management, and IT operations (backup, recovery, and job scheduling). Developed and executed tailored audit programs aligned with business objectives and regulatory requirements, reducing control weaknesses by 40% and contributing to a 20% reduction in overall audit findings. Conducted detailed risk assessments to support the annual audit plan and ensure coverage of key business and technology risks. Collaborated with external auditors to align compliance objectives and streamline audit processes, resulting in significant cost efficiencies. Delivered high-quality audit reports with practical remediation recommendations to enhance control effectiveness and regulatory compliance.
Led the development, implementation, and continuous improvement of the Information Security Management System (ISMS) in alignment with ISO 27001 across upstream, midstream, and downstream operations. Conducted enterprise-wide information security risk assessments and ensured effective integration of security controls with business continuity, operational safety, and regulatory requirements. Established and maintained security governance frameworks, policies, standards, and procedures to support secure operations in a high-risk industrial environment. Coordinated internal and external audits, including certification and surveillance audits, ensuring compliance with ISO 27001, GDPR, and industry-specific regulations. Managed incident response activities, including investigation, root cause analysis, and remediation planning. Led third-party and supplier security assessments to ensure contractual and control compliance across the value chain. Delivered security awareness training programs and collaborated closely with IT, Engineering, Operations, HSE, and executive management to proactively mitigate cybersecurity and operational risks.
Certified Information Systems Auditor (CISA)
ISACA
2025 - 2029
Credential ID: 252827155
ISO 27001 Lead Auditor
Mastermind Assurance