Oslo, Oslo, Norway
With a robust foundation in management and a passion for the technical intricacies of information security, I am a seasoned professional who likes to try bridging the gap between complex technical requirements and strategic business objectives. My career has been dedicated to safeguarding organizational assets through the implementation of robust GRC frameworks, ensuring compliance with internal policies, information security laws, GDPR, and various industry standards such as CIS Critical Security Controls, NIST CyberSecurity Framework, ISO27001/2, and ISF SoGP/IRAM2. 🔍 Management Expertise: - Spearheading Information Security & Risk Management initiatives. - Crafting and evangelizing Information Security Policies and Awareness programs. - Conducting comprehensive Security Assessments and managing Vendor relationships. - Expertly navigating Outsourcing Bids, Configuration, and Change Management processes. - Ensuring stringent adherence to GDPR and other regulatory requirements. - Leveraging ITIL methodologies to streamline IT services. 🛠 Technical Proficiency: - Accredited in Information Security (GIAC GSEC, GCCC) and GRC platforms (Eramba, RiskVision). - Well-versed in AWS cloud security, Microsoft security, Citrix, IDS/IPS and XDR solutions. - Skilled in several programming and scripting languages. - Proficient in database management, and Linux optimization and security. - Knowledgeable in storage solutions, firewalls, networking and virtualization solutions. 🌐 Specialties: I thrive on the challenge of maintaining a dual focus on management responsibilities and technical expertise. Information security and risk management are at the core of my professional journey. I am committed to staying ahead of the curve in the ever-evolving landscape of computer-related subjects, balancing my time between leading teams and diving deep into technical challenges.
Responsible for information security across all branches. This includes implementation of security related policies and supporting governance documents, operational support and awareness training to managers and employees, and contributing to defining and executing on the security strategy.
* Information Security Risk analysis and management * Classification and analysis of assets * Incident Response * Threat and Vulnerability management * Security consulting, awareness activities and training
http://www.pavei.com Built in 1999, sold to Inpoc (Schibsted Telecom) in 2000, abandoned as a focal point by Inpoc in 2002 - and run as a non-profit website by me between 2002 and 2011.
Organizational roles: Responsible for IT security in Arrive (2003-2009). Technical manager for the Storage, Security and Virtualization team (2005-2009). ITIL roles: Change Manager (2006-2007), Service Asset and Configuration Manager (2005-2008), IT Service Continuity Manager (2008-2009), Some key skill-aquiring tasks during my employment: Development and management of the Information Security management system (ISMS). Extensive security consulting for customers within the railroad and transportation sector. Project member with security responsibility on several large projects. Highly involved in Service Catalogue development. Configuration management and development of the CMDB tool used by Arrive. Involved in several large bids both as service provider and as customer.
Part time development of www.pavei.com, a PDA portal that I sold to Inpoc AS (Schibsted Telecom AS) in 2000.