Hobro, North Denmark Region, Denmark
Most organisations work with information security to meet requirements. There is nothing wrong with that in itself. The issue is that it too often results in documentation and processes that no one actually uses — but everyone hopes will pass an audit.

I work with information security and GRC with one goal: to turn regulatory requirements such as NIS2 and ISO 27001 into something that actually works in practice.

This typically involves:

- Ensuring documentation is actively used and reduces dependency on individuals
- Prioritising risks based on real-world impact — not just frameworks
- Handling necessary regulatory requirements correctly, without making the organisation unnecessarily complex
- Making the secure way of working the easiest way

Good documentation reduces risk. Bad documentation creates complexity without value.

Change in information security is ultimately a management responsibility. But the effect only materialises when the organisation is actually able to operate according to what has been decided. A significant part of my work therefore lies in bridging the gap between management decisions and what people can realistically execute in their daily work.

I have experience from both the public and private sector, operating at the intersection of business, IT and regulatory requirements.

I am not interested in building systems that look right on paper. I am interested in making security work in reality.

If you are working with NIS2, ISO 27001, or want to strengthen your security without ending up with a system that only makes sense at audit time — feel free to reach out.

Cyber- & Information Security Consultancy with an ambitious, yet pragmatic approach

- CISO-as-a-Service
- Security Advisory focused on Business Value
- Cyber Security Strategies and Policies
- ISO27001 Implementation
- Risk Management/Assessment Advisory
- NIS2
- DORA

- Patch & Vulnerability Management, including communicating findings to stakeholders
- Implementing Integrated Risk Management based on NIST SP800-53 Rev 5
- Internal ISAE-3000 preparation for Audit based on ISO27001/ISO27002
- Conducting Risk Assessments
- Mapping NIST SP800-53 to NIST CSF, CIS Controls v. 7.1 and ISO27001
- Implementing DMARC and DNSSEC

Looking for possibilities in IT regarding system administration in a junior position, junior consultant (preferably in IT Security with regard to GRC)