01/23/2026 updated


100 % available
Business Continuity/Security/GRC/Project Manager
Monor, Hungary | BSc, CISSP, CGRC, CBCI, PMP, FAIR
Governance, Risk Management, and Compliance Executive with 15+ years of international experience delivering measurable outcomes across highly regulated industries, including aviation, financial services, manufacturing, and the public sector. Frequently engaged as a strategic advisor to recover failing initiatives or stabilize high-risk compliance programs, including NIS2, enterprise security governance, and business continuity transformations.
Proven track record of designing and implementing enterprise-level GRC, cybersecurity, and resilience programs aligned with NIS2, DORA, EASA PART-IS, the UK Corporate Governance Code, ISO 27001/22301/27031, PCI-DSS, and NIST 800-53/800-37 frameworks. Successfully deployed RSA Archer and Logicgate platforms to automate risk management, compliance workflows, and third-party risk programs. Conducted FAIR-based risk quantification to enable strategic prioritization and cost-effective control implementation.
Directed critical initiatives including ICFR control design, red teaming, automation of business continuity and IT service continuity management, and audit remediation—delivering regulatory compliance and quantifiable risk reduction. Recognized for combining technical acumen (CISSP, CGRC, FAIR) with delivery leadership (PMP, AMBCI), and for bridging board-level governance with operational execution. Experienced in collaborating with Big 4 firms on audit, compliance, and risk transformation programs. Fluent in English and experienced across EU jurisdictions, bringing strategic leadership to enterprise GRC and regulatory compliance programs.
Languages
- English: Fluent
- Hungarian: Native speaker
Project history
Engaged as a strategic advisor to guide NIS2 compliance implementation across a complex pharmaceutical environment. Led regulatory interpretation, stakeholder coordination, and control design to align enterprise governance with evolving EU cybersecurity obligations.
- Translated NIS2 directive requirements into actionable controls tailored to pharmaceutical and manufacturing operations.
- Streamlined and restructured the NIS2 implementation roadmap by reusing existing enablers, optimizing deliverable sequencing, and resolving conceptual and methodological gaps.
- Facilitated alignment workshops between IT, compliance, and business units to ensure consistent control ownership.
- Supported risk assessments, remediation planning, and compliance documentation for supervisory review.
Initially contracted to lead key GRC initiatives, later elevated to strategic advisor supporting board-level risk governance and regulatory alignment across the enterprise.
Strategic Advisory
- Serve as lead advisor for enterprise-level initiatives in governance, cybersecurity, and operational resilience.
- Support executive, audit, and compliance stakeholders in aligning with UK Corporate Governance Code 2024, Corporate Transparency Act 2023, and Failure to Prevent Economic Crime reforms.
- Drive enterprise-wide risk governance transformation, covering enterprise risk taxonomy, escalation workflows, and board committee structures.
Key Program Delivery (2021–2024)
Governance, Risk Management & Compliance:
- Established the internal control framework underpinning NIS2 compliance, combining NIST 800-53r5, PCI-DSS v4, GDPR, EASA PART-IS, and UK Civil Aviation Authority guidelines.
- Defined the risk management framework based on NIST 800-37r2, including tailored roles and process models.
- Implemented the LogicGate GRC platform for automation of cyber risk management, control compliance, and third-party risk processes.
- Led FAIR-based risk quantification studies to support risk-based prioritization and control justification.
Cyber Threat Management:
- Directed penetration testing and red team exercises, delivering measurable improvements in cyber defense readiness.
- Transitioned internal SIEM management to an MSSP-led Security Operations Center (SOC) model, improving incident response.
- Initiated MITRE ATT&CK-based assessments to standardize detection maturity and drive continual improvement.
IT Service Continuity Management:
- Built Wizz Air’s unified business resilience framework, designing methodology and authoring core policies, BIA models, and risk tools.
- Enabled integration across BCM, IT service continuity, information security, and third-party risk domains.
- Provided enterprise-wide advisory support to uplift continuity capabilities and align with regulatory requirements.
Led critical remediation efforts following audit findings by De Nederlandsche Bank (DNB), with a focus on identity governance, access management, and enterprise control testing.
- Coordinated Identity and Access Management (IAM) and Privileged Access Management (PAM) initiatives at the corporate level.
- Directed IT control testing aligned with Aegon’s internal control framework, ensuring consistency across global business units.
- Acted as information security liaison for the Corporate Centre within Aegon’s Global Security Forum.