Information Security & AI Governance Leader
Information Security and AI Governance Leader with 11 years experience designing and managing Information Security Management Systems for international companies across North America, EU, Africa, and Asia — and 3 years designing and implementing an AI Management System in an AI company. Two management systems, one method: customized control frameworks for each, hundreds of controls measured on a regular cadence, and maturity that can be evidenced to auditors, executives, and the board.
Two disciplines — Repeatable approaches
Standards-based and auditable methods, applied to information security and to AI governance
Information Security
Design, implement, and mature enterprise ISMS programs grounded in ISO/IEC 27001, NIST CSF 2.0, EU GDPR, NIS2, OWASP materials, and TISAX — providing a fully customized ISMS control framework, quantitative measurement of 330+ controls and KPIs across every domain, and ISMS program maturity projections. Ready for Exec and Board reporting.
- Inventory — assets, systems, and third parties catalogued and classified by risk
- Assessment — risk assessments embedded as a gate for projects, vendors, and change
- Oversight — policy, technical controls, and monitoring enforced across every domain
- Assurance — 330+ controls quantitatively measured on a regular cadence for maturity assessments; certification and client audits sustained
- Certification — ISACA CISM
AI Governance
Design, implement, and mature enterprise AIMS programs built upon ISO/IEC 42001, NIST AI RMF, and the EU AI Act — providing a fully customized AIMS control framework, quantitative measurement of 300+ controls and KPIs across all domains, and AIMS program maturity projections. Addresses third-party and in-house developed AI. Ready for Exec and Board reporting.
- Inventory — AI systems catalogued and classified by risk tier, third-party and in-house
- Assessment — AI impact and risk assessments embedded as a gate before deployment
- Oversight — human oversight, acceptable-use policy, and technical guardrails enforced in operation
- Assurance — 300+ controls quantitatively measured on a regular cadence for maturity assessments; certification and client audit ready
- Certification — IAPP AIGP (Q3 2026)
Evidence — My Approach
Everything above is demonstrated in public artifacts you can access here
Domain expertise
Primary standards, frameworks, and regulations I use to customize management programs
Information Security (ISMS)
- ISO/IEC 27001Information Security Management Systems
- NIST CSF 2.0Cybersecurity Framework
- EU GDPRData protection & privacy compliance
- EU NIS 2 DirectiveEU cybersecurity regulation
- TISAXAutomotive information security assessment
- OWASP ProjectsApplication security standards & Top 10 lists
- OWASP AI ExchangeAI security guidance
AI Governance (AIMS)
- ISO/IEC 42001AI Management Systems
- NIST AI RMFAI Risk Management Framework
- EU AI ActAI regulatory compliance
- OECD AI PrinciplesResponsible AI foundations
- EU GDPRData protection & privacy compliance
- OWASP AI ExchangeAI security guidance