Consulting Services
🔒 Information Security Management
A strong security posture starts with structure, not technology. I will work with you to design and strengthen information security management systems (ISMS) that align with strategic goals and industry standards such as ISO/IEC 27001 and the NIST Cybersecurity Framework.
I can help you with:
- Developing or reviewing information security policies and governance structures
- Advising on metrics, oversight mechanisms, and accountability models
- Supporting the development and maturity of your ISMS
- Preparing for audits or certification (e.g. ISO 27001)
The goal is to embed security into your day-to-day operations: not just to satisfy compliance, but to enable long-term confidence and control.
📊 IT Risk Management
Understanding and managing risk is the foundation for informed decision-making. I take a structured, practical approach based on ISO 27005, ISO 31000, and COBIT to help you identify, assess, and respond to risk in a way that supports both compliance and performance.
Services include:
- Developing risk registers and control assessments tailored to your organisation
- Embedding risk treatment processes into your governance model
- Facilitating risk workshops, internal audits, and reporting mechanisms
- Aligning with regulatory or certification requirements
By integrating risk into your strategic thinking, we surface issues before they escalate, and turn uncertainty into actionable insight.
♻️ Business Continuity & Disaster Recovery (BCDR)
Disruption is inevitable. Resilience is intentional. I will support you in designing and implementing BCDR strategies that ensure service continuity and a structured recovery process.
Drawing on ISO 22301, NIST SP 800-34, and my own layered DR methodology, I focus on clarity, accountability, and operational readiness.
Services include:
- Developing both BC and DR plans aligned with real operational dependencies and risks
- Conducting Business Impact Analysis (BIA) and dependency mapping
- Designing governance and escalation models for incident response
- Reviewing and testing recovery capabilities against strategic goals
This is not just documentation. You need real-world readiness, accountability, and the ability to recover with clarity and control.
⚙️ Governance Frameworks: Enabling Structure
Frameworks such as COBIT 2019, ISO standards, and NIST guidelines form a solid backbone for governance, but only when tailored to your organisation.
I will help you make sense of these frameworks and apply them effectively. Whether you’re establishing a cybersecurity programme, refining an existing approach, or preparing for regulatory alignment, I’ll help you use these tools to support rather than constrain your objectives.
📞 Get in Touch
If you’re seeking structured, strategic input on security governance, IT risk, or resilience planning, I can offer flexible engagement models, ranging from fixed-scope advisory work to embedded consultancy.