James Gerrior

Information Security & AI Governance Leader

Information Security and AI Governance Leader with 11 years experience designing and managing Information Security Management Systems for international companies across North America, EU, Africa, and Asia — and 3 years designing and implementing an AI Management System in an AI company. Two management systems, one method: customized control frameworks for each, hundreds of controls measured on a regular cadence, and maturity that can be evidenced to auditors, executives, and the board.

Two disciplines — Repeatable approaches

Standards-based and auditable methods, applied to information security and to AI governance

Information Security

Design, implement, and mature enterprise ISMS programs grounded in ISO/IEC 27001, NIST CSF 2.0, EU GDPR, NIS2, OWASP materials, and TISAX — providing a fully customized ISMS control framework, quantitative measurement of 330+ controls and KPIs across every domain, and ISMS program maturity projections. Ready for Exec and Board reporting.

  • Inventory — assets, systems, and third parties catalogued and classified by risk
  • Assessment — risk assessments embedded as a gate for projects, vendors, and change
  • Oversight — policy, technical controls, and monitoring enforced across every domain
  • Assurance — 330+ controls quantitatively measured on a regular cadence for maturity assessments; certification and client audits sustained
  • Certification — ISACA CISM

AI Governance

Design, implement, and mature enterprise AIMS programs built upon ISO/IEC 42001, NIST AI RMF, and the EU AI Act — providing a fully customized AIMS control framework, quantitative measurement of 300+ controls and KPIs across all domains, and AIMS program maturity projections. Addresses third-party and in-house developed AI. Ready for Exec and Board reporting.

  • Inventory — AI systems catalogued and classified by risk tier, third-party and in-house
  • Assessment — AI impact and risk assessments embedded as a gate before deployment
  • Oversight — human oversight, acceptable-use policy, and technical guardrails enforced in operation
  • Assurance — 300+ controls quantitatively measured on a regular cadence for maturity assessments; certification and client audit ready
  • Certification — IAPP AIGP (Q3 2026)

Evidence — My Approach

Everything above is demonstrated in public artifacts you can access here

Domain expertise

Primary standards, frameworks, and regulations I use to customize management programs

Information Security (ISMS)

AI Governance (AIMS)

Risk, Continuity & Quality