Overview
As a seasoned cybersecurity and GRC leader with over 15 years of experience, I specialize in building resilient digital ecosystems that go beyond compliance. My approach combines technical depth, strategic alignment, and executive-level communication to deliver security programs that support business growth.
Whether leading CISO-level functions, designing GRC frameworks, or transforming organizational culture through awareness, I bring clarity, structure, and impact to every engagement.
My focus is simple:
Build security that enables, not restricts. Lead with vision. Operate with resilience.
What I Can Deliver
My Core Capabilities & Leadership Scope
vCISO Leadership
&
Cyber Strategy
✓ CISO-level security program design and governance
✓ Executive-level risk communication & board presentations
✓ Cybersecurity maturity benchmarking and target model creation
✓ Translating business objectives into security initiatives
✓ Leading security transformation in regulated industries (banking, finance, insurance)
✓ Building & mentoring high-performing security teams
✓ Budget planning and security investment prioritization
GRC Program Design & Framework Implementation
✓ ISO 27001, ISO 31000, COBIT 5, and NIST-based GRC architecture
✓ Policy lifecycle management and integrated control design
✓ Risk register setup, treatment plans, and KRIs
✓ Compliance with BRSA, KVKK, GDPR, PCI-DSS
✓ Full ownership of internal/external audit cycles and responses
✓ Mapping security programs to business units and strategic objectives
Risk Management
& Operational Resilience
✓ Enterprise-wide risk identification, analysis, and mitigation
✓ Risk scoring aligned with impact and probability models
✓ Control testing, evidence collection, and effectiveness analysis
✓ Business Continuity Planning (BCP) and Disaster Recovery Strategy
✓ Incident response planning, simulation, and playbook creation
✓ Operational resilience workshops and crisis simulation leadership
Security Awareness & Cultural Change
✓ End-to-end awareness campaign design & content creation
✓ Engaging internal communication strategies (email, posters, video)
✓ Role-based training and security onboarding programs
✓ Phishing simulations, metrics tracking, and behavior correction
✓ Security Champion programs, gamified learning, and long-term habit building
✓ Driving a culture of ownership, not obligation
Leadership DNA
I don’t just manage cybersecurity — I align it with your strategic vision, inspire teams, and build security into your business DNA.
Security is no longer just a control — it’s a capability. I help you design it that way.