Overview of IS, Risk & Compliance Projects


  • ISMS: Design, develop and implement Corporate Information Security Management System (ISMS).
  • Governance structure: Develop, align and implement structure, strategy, organisation, framework and continuous improvement measurements.
  • Policy Framework & Document Management: Develop, implement and maintain policies and procedures for ISO 27001.
  • Gap Analysis: Conduct Gap Analysis, ISO 27001 Pre-Assessment and provide recommendation for implementation to ensure ISO 27001 Certification.
  • Certification Audit: Ensure, manage and coordinate ISO 27001 (Re-)Certification Audit.
  • IT Supplier Audit: Coordinate, manage and run IT Supplier Audit.
  • Lead generation: Deliver security assessments and run contract negotiations to ensure sales generation.
  • Awareness Training: Define, set-up, establish and implement Corporate E-Learning Tool.
  • Disciplinary Process: Assist definition of disciplinary process & ensure implementation of HR Security controls.
  • Access and Identity Management: Facilitate definition, set-up & implementation of role concept/profiles, leavers/changers process & reports.
  • Ownership Management: Coordinate implementation of ownership Matrix.
  • Asset Management: Define, set-up and ensure roll-out of Inventory of Assets & Data Classification Scheme.
  • Security Cards: Support roll-out & implementation of Security Access Cards.
  • Physical security: Control, coordinate and ensure implementation of physical security perimeters (revolving doors, card readers, reception desk procedures) & equipment security controls (cabling security, power supply, humidity checks).
  • BYOD (Bring Your Own Device): Manage, conduct and provide requirements definition to Senior Management (BoD).
  • System Security: Define policy, control and facilitate set-up and implementation of system security controls (e.g. back-up, change management, testing, monitoring procedures).
  • 3rd Party Management: Define, coordinate, set-up and control implementation of 3rd party security controls and compliance. Negotiate and ensure relevant contract amendments.
  • Enterprise Risk Management: Facilitate development and implementation of corporate methodology (ISO 31000).
  • Risk Assessment & Treatment Plan: Define, set-up and run roll-out of Annual Risk Assessment plan and process.
  • ORAM: Support pilot roll-out of Operational Risk Management Assessment SWIFT process.
  • Risk Assessment Audit: Manage, coordinate, generate & ensure provision of evidence documentation on customer requests for contract negotiation.
  • Control Framework: Design and develop corporate control framework to manage internal and external compliance requirements.
  • ISO 22301 Certification Audit: Coordinate, facilitate and ensure certification.
  • Business Continuity Management: Implement plans, toolset and testing procedure.
  • Continuous Improvement: Implement Quality Assurance, management reporting and Incident Management controls and measurements.
  • Incident Reporting: Define and implement procedures and manage security incidents.