Areas that I'm experienced in and can help you with include:
Risk Management. These services are primarily provided within Operational Risk Management, Financial Reporting Risk Management, IT Risk Management and Project Risk Management.
Development/establishing methodologies, leading practical projects – including establishing business objectives, heading workshops and coordination, performing analyses and providing reporting as foundation for decision making.
Identity and Access Management (IAM). Efficient and effective control over access to the company's or authority's IT systems is paramount to any form of compliance (such as GDPR, SOX, ISO, internal policies etc.).
But efficient IAM is also of the highest importance to the business in order to maintain the integrity and confidentiality of business information and to avoid fraud.
It is often seen that the structure and administration of access rights to systems are lenient, which can lead to the risk of access creep, non-compliance, fraud or data leakage. Many companies invest in IAM systems to ease the administration of persons and their access rights to IT systems and data, but often the focus is on installing the software and not so much on the actual implementation of the access rights that the system is supposed to support.
Compliance Management. Advice, services and support for compliance with various standards, laws and best practices such as GDPR, Sarbanes-Oxley, ISO27001 and Cobit.
Services related to compliance include project management, establishing and documenting framework, policies, workflow processes and internal controls, establishing baselines and advising/conducting testing, verification, reporting.
Information Security Management. Advice, support and other assistance on establishing overall and detailed information security policies, standards, guidelines – and working practices.
Services are built to a large extent on common Information Security Frameworks such as ISO/IEC 2700X, Cobit and CIS and, on the procedural side, also ITIL. The Information Security Management Services provided include both organizational and technical security aspects, as well as practical advice and support on methodologies and implementation, such as coordination with stakeholders, holding workshops, establishing necessary documentation, communication and training, and establishing ongoing monitoring processes.
Internal Controls. Professional services and support on designing, implementing and testing internal controls in business processes and IT processes. Conducting workshops with stakeholders on internal controls and their contexts in complete business workflows.
Business Continuity Management. Advice, services and support related to establishing Business Continuity Plans (BCP). Services include establishment of the project; advice, support and heading of workshops on establishing BCP documentation; coordination with stakeholders at all levels of the organization; and designing and heading drill workshops to determine the efficiency of the BCP.
Project Management. Experience in general project management from smaller to larger scale projects, including as member of Project Steering Committee, planning, coordination with stakeholders (business, vendors etc.), follow up on project milestones and project financial management.
Special Investigations and Analyses. Support for fraud investigation and master data cleanup through data analysis.
The General Data Protection Regulation (the "GDPR") is a regulation in EU law on data protection and privacy for all residents of the EU (European Union) and the EEA (European Economic Area). It affects companies in both EU/EEA countries and non-EU/EEA countries if they are processing or storing personal data of EU/EEA residents, meaning that the GDPR has a geographical reach beyond the EU/EEA.
The regulation requires both private companies and public authorities to have a strong focus on controls over how personal data is stored and used. Read or search the Regulation text here.
GDPR became effective on 25th May 2018, and by that date all companies mentioned above should have been compliant. If your compliance efforts are still not quite there yet, I can help you on the journey to becoming compliant (see contact).