Brian Haman, PhD — Associate Consultant

GRC professional with deep expertise in information security governance, risk management, and regulatory compliance across EU institutions, fintech, and consulting environments. Currently delivering ISO 27001 gap assessments, ISMS documentation, and risk frameworks for clients through Arden Content; previously supporting regulatory governance and risk communications at the European Investment Fund across 27 member states. My path to GRC is unconventional. I have a PhD, and 15 years in academia, criticism, and regulated communications sharpened precisely the skills enterprise GRC demands most: the ability to interrogate complex systems, communicate risk to non-technical stakeholders, and think critically about governance assumptions that practitioners often take for granted. CRISC candidate (Q2 2026). Hands-on technical experience includes Python automation for GRC workflows, zero-trust architecture validation (Cloudflare Tunnel, VLANs, Tailscale), and vulnerability assessment using Nmap, OpenVAS, and Wireshark. Published weekly on cybersecurity governance, AI risk, and ISO/NIST frameworks. Contributor to Corporate Compliance Insights; bylines in the New York Times and The Guardian. Open to mid-senior GRC, information security risk, and compliance roles in Vienna, remotely across the EU, or within EU institutional environments. Particularly interested in regulated sectors where governance depth and analytical rigour matter.

Stackforce AI infers this person is a Cybersecurity and GRC expert with a focus on regulatory compliance in fintech and EU institutions.

Experience: 5 yrs 6 mos