Oct 2022 – Mar 2023 · 5 mos · Helsinki, Uusimaa, Finland

• Led the ISO 27001 implementation project as an architect and project manager. Prepared the ISMS for certification.
• Responsible for technical compliance across cybersecurity and data privacy domains, ensuring alignment with regulatory requirements and industry best practices.

Jul 2022 – Present · 3 yrs 11 mos · Helsinki, Uusimaa, Finland

• Providing strategic cybersecurity and privacy consulting to organizations across sectors, with a focus on regulatory compliance, cybersecurity and operational resilience. Specialising in ISO 27001, ISO 27701, GDPR, NIS 2 Directive, DORA, and NIST CSF.
• Supporting and mentoring clients in designing and implementing ISMS and privacy programs, conducting gap assessments and audits, developing implementation roadmaps, preparing for certification audits, and delivering training for executives and staff.
• Serving as a trusted advisor to CISOs, DPOs, and senior leadership to align security and privacy practices with business goals.
• Serving as an external Data Protection Officer (DPO) for select clients.
• Additionally, advised GRC vendors on aligning their tools with leading standards and best practices.

Sep 2021 – Oct 2022 · 1 yr 1 mo

• Led the design and implementation of a comprehensive cybersecurity program for the Hanhikivi 1 nuclear power plant, ensuring full compliance with IAEA Nuclear Security guidelines, ISA/IEC 62443 standards, and STUK’s regulatory requirements.
• Managed my team in preparing a complete set of cybersecurity documentation at the nuclear facility level, which was submitted to the Finnish Radiation and Nuclear Safety Authority (STUK) for approval to obtain a construction license.

Jun 2018 – Aug 2021 · 3 yrs 2 mos

• Designed and implemented an Information Security Management System (ISMS) in accordance with ISO 27001, successfully preparing the organisation for initial certification and subsequent re-certifications.
• Established and managed some information security processes from the ground up, including: Internal Information Security Audits, Monitoring and Evaluation of the ISMS, Information Security in Supplier Relationships (including audits), Information Security Awareness, Information Classification and Handling, Information Security Aspects of Business Continuity Management, Preparing for External Audits (ISO 27001 and KATAKRI), Leading the Information Security Committee meetings.
• Served as head of the privacy working group and acted as Data Protection Officer (DPO) from September 2019 to August 2021, designed and implemented a comprehensive Privacy Management System in accordance with ISO 27701 with all necessary policies, templates, and processes to ensure GDPR compliance.

Sep 2019 – Jul 2022 · 2 yrs 10 mos

• Advised startups and helped them develop processes and documents (e.g., Privacy Policy, Privacy Notices, Consents, Data Processing Agreements, DPIA reports, Records of processing activities, Privacy Request Register) for GDPR compliance.
• Provided tailored guidance to founders, developers, security, legal and compliance teams to embed privacy by design into products and services from the outset.

Jul 2015 – Jun 2018 · 2 yrs 11 mos

• Responsible for providing methodological expertise, as well as positioning and promoting cybersecurity products (DLP, GRC, IgA, UEBA, source code scanner) and services (SOC and MDR) to enterprise clients and partners.
• Authored the first edition of the Information Security Risk Management in Outsourcing standard (STO BR IBBS-1.4-2018), published by the Bank of Russia, establishing a regulatory framework for cybersecurity risk management in outsourced services.

May 2013 – Jun 2015 · 2 yrs 1 mo

• Provided methodological expertise for the development of cybersecurity products, including the DLP solution InfoWatch Traffic Monitor, and delivered consulting services to enterprise clients.
• Authored the first revision of the Data Leakage Prevention Standard (RS BR IBS-2.9-2016) for the Bank of Russia, establishing regulatory guidance for DLP implementation across the financial sector.
• Developed a comprehensive DLP implementation toolkit (a set of documents and guidelines on the legal use of DLP from a privacy perspective) and the Insider Threat Mitigation Program to help organisations proactively detect and manage internal security risks.

Jul 2012 – May 2013 · 10 mos

• I was responsible for information security, data protection and business continuity consulting.

May 2011 – May 2012 · 1 yr

• I was responsible for internal information security as well as external consulting.

Apr 2008 – Sep 2011 · 3 yrs 5 mos

• I was responsible for information security (ISO 27001, COBIT, ITIL) and privacy consulting (152-FZ). I implemented 4 ISMSs in accordance with ISO 27001 and several privacy management systems to comply with local requirements.

Feb 2007 – Apr 2008 · 1 yr 2 mos