12/15/2025 updated
100 % available
CYBER SECURITY GOVERNANCE, RISK & COMPLIANCE EXPERT
Kai Iwi, New Zealand
Only remote
Master of Digital Business; Bachelor of Computing SystemsCertified Information Systems Security ProfessionalCertified Information Security ManagerComputer SecurityGovernanceGovernance Risk Management and ComplianceInformation Technology AuditISO/IEC 27000ISO/IEC 27001ISO/IEC 27000-SeriesRisk AnalysisCertified Information Systems AuditorIT General Controls (ITGC)National Institute of Standards and Technology (NIST)
IT security, cyber security, information security, IT audit, ITGCs, ISO27001, NZISM, NIST CSF
Languages
GermanNative speakerEnglishFluent
Project history
Clients include but are not limited to public sector clients, Health New Zealand, Ministry of Social Development and New Zealand Parliamentary Services and telecommunications provider Spark. In a consulting capacity, I was:
- Performing Certification and Accreditation (C&A) activities.
- Optimising C&A processes to enable risk-based assurance.
- Supporting Cyber Security Uplift initiatives.
- Working towards compliance of cloud technology stacks with security standards.
- Security posture reporting.
- Collaborating with project teams and product owners to better embed security into day-to-day development and operational activities.
- Supporting the development of enterprise capabilities to reduce overheads and enhance organisational performance.
- Developing risk management procedures to ensure security findings are captured, tracked and remediated.
- Creating third-party security questionnaires and reviewing third-party suppliers from a security perspective.
- Defining security policies, standards and procedures.
- Being a trusted advisor to the business and proactively helping them meet their goals by taking a pragmatic approach to security.
- Investigating root causes of security findings, creating visibility over vulnerabilities and working with teams to help address issues at the core to prevent/minimise their reoccurrence.