Updated 14.08.2025

WD
100% available

Freelance GRC | Risk | Compliance

Johannesburg, South Africa
Bachelor's Degree

Profile attachments

CV.pdf

Skills

Audits, Corrective and Preventive Action, Customer Service, Compliance, CompTIA Security, Information Security, Continuous Quality Improvement, Gap Analysis, Governance, Governance, Risk Management and Compliance, ITIL, ISO/IEC 27001, PCI DSS, Risk Analysis, Policy Development, Conducting Assessments, National Institute of Standards and Technology (NIST), Procurement, GDPR, Security Regulations, Risk Management

I am a dedicated and results-driven Cybersecurity and GRC (Governance, Risk, and Compliance) Consultant with over 9 years of hands-on experience helping organizations strengthen their security posture, ensure compliance, and manage risk effectively. My expertise covers industry-recognized frameworks and standards including ISO 27001, SOC 2, PCI-DSS, NIST 800 Series, GDPR, and Cyber Essentials.
My work is grounded in real-world application—supporting clients through the full lifecycle of security programs, from initial assessments and gap analysis to policy development, control implementation, awareness training, audit preparation, and post-audit remediation. I take pride in delivering work that is both technically sound and aligned with business goals.
I have led Third-Party Risk Management (TPRM) programs, building frameworks that assess, monitor, and manage vendor-related risks. Working closely with procurement, legal, and IT teams, I ensure third-party engagements meet security and compliance expectations while minimizing business disruption.
Risk assessments are a core part of my offering. I help clients identify, evaluate, and manage risks across their IT environments—developing and maintaining risk registers, prioritizing mitigation strategies, and tracking progress over time. I’m also experienced in conducting internal audits based on the ISO 27001:2022 standard and using the PDCA (Plan-Do-Check-Act) model.
When it comes to compliance, I’ve supported organizations in achieving and maintaining certifications such as ISO 27001 and PCI-DSS, and in preparing for SOC 2 Type I and II audits. I have coordinated with external auditors, handled control walkthroughs, and implemented corrective actions to close gaps. My role often includes translating audit findings into clear, actionable plans that reduce risk and improve overall program maturity.
One of my strengths is communication—whether it’s writing clear policies, presenting risk updates to executive leadership, or training employees on cybersecurity awareness. I regularly bridge the gap between technical teams and business leaders to ensure security initiatives are well understood and effectively adopted.
My certifications include:
  • Certified Information Security Manager (CISM)
  • ISO 27001 / ISO 42001 Lead Auditor & Lead Implementer
  • CompTIA Security+
  • ITIL v3 Foundation
  • (CISSP in progress)
I’ve worked with companies across the UK and South Africa, bringing both global standards and regional compliance knowledge to the table. I approach every project with flexibility, professionalism, and a genuine commitment to helping clients stay secure and audit-ready.
Whether you need help implementing ISO 27001, managing vendor risk, conducting audits, or simply ensuring your compliance program runs smoothly—I'm here to support your goals with expert guidance and practical solutions.

Languages

English: business fluent

Project history

Lead ISO 27001 Consultant

Accountancy Firm

Banking and financial services

500-1000 employees

  • Conducted gap analysis and aligned security practices with ISO 27001:2022 controls
  • Developed and implemented ISMS policies, risk register, and documentation
  • Facilitated internal audit preparation and management review meetings
  • Provided training and guidance to control owners and stakeholders
  • Achieved and supported successful external certification audit with no major non-conformities

GRC Compliance Consultant SOC 2 Type I Readiness

Fintech Startup

Banking and financial services

10-50 employees

  • Mapped controls to AICPA criteria, prepared evidence documentation
  • Closed control gaps and supported audit roadmap delivery

TPRM Consultant

Consultancy Services

Insurance

50-250 employees

  • Designed and implemented an enterprise-wide TPRM program
  • Built vendor classification model and risk assessment templates
  • Conducted third-party security reviews and documented findings
  • Delivered TPRM training for procurement and compliance teams
  • Presented risk insights to senior management
