Security governance, measured & certified.
I'm a Cyber Security GRC Analyst and ISO/IEC 27001 Lead Auditor. I help organisations stand up Information Security Management Systems that pass certification — and actually reduce risk.
// Capabilities
Operational GRC, not paperwork theatre.
ISMS Implementation
End-to-end ISO/IEC 27001 program design, statement of applicability, and certification readiness.
Internal & Lead Audits
Independent stage 1/2 readiness audits aligned to ISO 19011 and certification body expectations.
Risk & Control Management
Asset-based risk assessments, treatment plans, and Annex A control mapping with measurable KPIs.
GRC Advisory
NIST CSF, SOC 2, GDPR alignment, third-party risk, and security policy lifecycle ownership.
// Engagement Model
From gap analysis to certification.
Discovery
Scoping workshop, gap diagnostic against ISO 27001 Annex A and your regulatory landscape.
Risk & Design
Asset register, threat modelling, risk treatment plan, and tailored ISMS architecture.
Implement
Policies, controls, evidence pipelines, awareness, and operational rollout with your teams.
Audit & Certify
Internal audit, management review, and lead-auditor support through certification.
// Outcomes
What you can expect.
Engagements are scoped against measurable security and compliance outcomes — not deliverable counts.
- Certifiable ISO/IEC 27001:2022 ISMS aligned to your business model
- Risk register tied to Annex A controls, owners, and KPIs
- Audit-ready evidence repositories and operational runbooks
- Executive-level reporting on residual risk and control maturity
- Trained internal teams capable of running the ISMS post-handover
Ready to harden your security posture?
30-minute discovery call. No obligation. Walk away with a clear view of your ISO 27001 readiness.
Book free consultation