Hire the Best Information Security Audit Freelancers
in Canada

I help organizations achieve audit-ready compliance across SOC 2, ISO 27001, NIST SP 800-171, HIPAA, and other security frameworks, with a structured, practical, and results-driven approach. As a Cybersecurity & GRC Consultant, I specialize in designing and implementing complete compliance programs from the ground up, including control mapping, policy development, risk assessments, and audit preparation. I don’t just deliver documentation, I ensure your controls are properly implemented, your evidence is aligned, and your environment is ready to withstand real audits. Recently, I led a full NIST SP 800-171 compliance engagement, developing the SSP and POA&M, supporting control implementation, and bringing the organization to an SPRS score of 110. My expertise covers: • SOC 2 (Type I & II readiness) • ISO 27001 implementation & documentation • NIST SP 800-171 / CMMC compliance • HIPAA security rule alignment • Risk assessments and control frameworks • Policy and procedure development • Audit readiness and evidence preparation What sets my approach apart: • Framework-agnostic methodology (I adapt to your compliance needs) • Practical, implementation-focused guidance (not just theory) • Clear, structured, and audit-ready deliverables If you need to build, fix, or scale your compliance program, I can help you get there efficiently and correctly.

I help startups, small businesses, and growing organizations strengthen IT controls, reduce security risks, and prepare confidently for audits without unnecessary complexity or wasted effort. I bring hands-on experience performing IT risk assessments, control testing, and security reviews across enterprise and regulated environments. My approach is practical and business-focused, not theoretical, ensuring recommendations are realistic, actionable, and aligned with your organization’s size and risk profile. What I Can Help You With ✅ IT General Controls (ITGC) Review & Testing Access controls (user provisioning, terminations, privileged access) Change management controls IT operations & backup controls ✅ SOC / CSAE 3416 / SOX Readiness Support Pre-audit gap assessments Control documentation and walkthroughs Evidence preparation and remediation guidance ✅ IT Risk & Security Assessments Identification of key IT risks Control design and operating effectiveness reviews Risk-based recommendations aligned with business objectives ✅ Vendor & Third-Party IT Risk Reviews Security and control assessments for vendors and service providers Documentation review and risk reporting

As a Chartered IT Professional, I bring over 15 years of global experience delivering strategic advisory and implementation services across cybersecurity, GRC, and digital transformation. I hold certifications including EC-Council C|CISO, CISSA, ISO 27001 Lead Implementer & Auditor, and Google Cybersecurity Certificate, complemented by advanced credentials in identity management, privacy, and data protection. My track record spans management roles with global firms like KPMG and Grant Thornton, and project delivery for clients such as HouseCall MD, Syntervision, Loggi, and DNX VC. I specialize in ISO 27001, SOC 2, C5, ENS, HDS, NIS2, NIST, FedRAMP and cloud security frameworks, delivering actionable insights and compliance solutions that improve resilience, reduce risk, and drive operational excellence. In addition to my technical acumen, I have served as Head of Product Design and Senior Consultant on initiatives totaling over $1M in budget, successfully aligning cybersecurity with product strategy and user-centric design. I have led cross-functional teams through Agile and Scrum methodologies to build secure, scalable solutions that solve complex customer pain points. My deep consulting background includes strategic market research, data analytics, investment due diligence, and process improvement across sectors such as healthcare, life sciences, TMT, logistics, and public sector projects funded by ADB, WHO, and UNESCO. I bring a unique blend of strategic consulting expertise and hands-on technical project execution, making me a reliable partner for clients seeking impactful, results-driven solutions in compliance, digital transformation, and operational excellence. Key Achievements: ✅ Successfully led 8 companies through the SOC 2 Type 2 attestation process, meeting stringent requirements and passing all audits in the first attempt. This achievement significantly enhanced their reputation for data privacy and security. ✅ Guided 4 clients through the rigorous process of achieving ISO 27001 and NIS2 Directive Certificate, ensuring that all security controls and management processes were robust, auditable, and internationally recognized. ✅ Guided 2 clients through HDS and C5 certifications, ensuring that their security posture was aligned with the requirements of both compliance frameworks. ✅ Reduced the costs of IT infrastructure maintenance by 5% for 3 consulted clients ✅ Analyzed business conditions, market/industry trends, competitive influences and demographic factors to identify opportunities of business growth for 5 consulted clients ✅ Created advanced analytics for both internal and marketing use using Tableau, SQL and other BI tools for 4 consulted clients ✅ Managed $400 million donor funded projects as PMO and Project Lead ✅ Performed business process re-engineering for 3 consulted clients ✅ Consulted as lead revenue data analyst on a team responsible for collecting $60M receivables ✅ Repeatedly delivered cost reductions through the implementation of Lean principles, improved scheduling via resource loads and volume analysis ✅ Evaluated and increased operational effectiveness of organizations through the implementation of Continuous Improvement methods and Training/Coaching programs ✅ Identified opportunities within the client organization for improving productivity and operational efficiencies by installing a system by which the client can measure and realize improvement ✅ Analyzed existing processes and applied methodologies to eliminate wasted resources and time for 3 consulted clients

𝗜 𝗵𝗲𝗹𝗽 𝘀𝘁𝗮𝗿𝘁𝘂𝗽𝘀 𝗮𝗻𝗱 𝗿𝗲𝗴𝘂𝗹𝗮𝘁𝗲𝗱 𝘁𝗲𝗮𝗺𝘀 𝗰𝘂𝘁 𝘁𝗵𝗿𝗼𝘂𝗴𝗵 𝘀𝗲𝗰𝘂𝗿𝗶𝘁𝘆 𝗻𝗼𝗶𝘀𝗲 𝗮𝗻𝗱 𝘁𝘂𝗿𝗻 𝗰𝘆𝗯𝗲𝗿 & 𝗔𝗜 𝗿𝗶𝘀𝗸 𝗶𝗻𝘁𝗼 𝗰𝗹𝗲𝗮𝗿, 𝗮𝗰𝘁𝗶𝗼𝗻𝗮𝗯𝗹𝗲 𝗽𝗿𝗶𝗼𝗿𝗶𝘁𝗶𝗲𝘀, 𝗯𝗲𝗳𝗼𝗿𝗲 𝗶𝘁 𝗯𝗲𝗰𝗼𝗺𝗲𝘀 𝗮 𝗯𝗿𝗲𝗮𝗰𝗵, 𝗳𝗮𝗶𝗹𝗲𝗱 𝗮𝘂𝗱𝗶𝘁, 𝗼𝗿 𝗹𝗼𝘀𝘁 𝗱𝗲𝗮𝗹. If you're preparing for SOC 2, dealing with scattered security issues, or trying to operationalize AI governance, I help you move from: 𝗔𝗹𝗲𝗿𝘁𝘀, 𝘁𝗼𝗼𝗹𝘀, 𝗮𝗻𝗱 𝗰𝗼𝗻𝗳𝘂𝘀𝗶𝗼𝗻 𝘁𝗼 𝗰𝗹𝗲𝗮𝗿 𝗿𝗶𝘀𝗸𝘀, 𝗽𝗿𝗶𝗼𝗿𝗶𝘁𝗶𝘇𝗲𝗱 𝗮𝗰𝘁𝗶𝗼𝗻𝘀, 𝗮𝗻𝗱 𝗮𝘂𝗱𝗶𝘁-𝗿𝗲𝗮𝗱𝘆 𝘀𝘁𝗿𝘂𝗰𝘁𝘂𝗿𝗲 𝗪𝗵𝗮𝘁 𝗜 𝗛𝗲𝗹𝗽 𝗬𝗼𝘂 𝗔𝗰𝗵𝗶𝗲𝘃𝗲 - SOC 2 & ISO 27001 readiness without overengineering - AI governance frameworks aligned to NIST AI RMF & ISO 42001 - Clear, prioritized risk posture (not just long reports) - Vendor and third-party risk visibility - Detection systems that produce signal, not noise - Executive-ready dashboards for real decision-making 𝗣𝗿𝗼𝘃𝗲𝗻 𝗜𝗺𝗽𝗮𝗰𝘁 - Cut SIEM alert noise significantly by tuning detection logic and improving rule quality - Built executive dashboards (Power BI) that gave leadership real-time risk visibility - Identified critical control gaps before external audits - Helped teams move from “AI experimentation” to structured governance - Improved vulnerability remediation using risk-based prioritization (fix what actually matters first) 𝗪𝗵𝘆 𝗖𝗹𝗶𝗲𝗻𝘁𝘀 𝗖𝗵𝗼𝗼𝘀𝗲 𝗠𝗲 - I don’t just assess risk, I help you understand what to do next - Strong bridge between technical teams and leadership - Focus on practical, usable controls (not compliance theater) - Experience across startups and enterprise environments - Clear documentation your team can actually use 𝗟𝗲𝘁’𝘀 𝗪𝗼𝗿𝗸 If you’re dealing with security gaps, audit pressure, or unclear AI risk exposure, send me a message. I’ll help you turn it into a clear, structured plan.

I’m a professionally Certified Information Security Leader with 20+ years of experience helping organizations build trust, reduce risk, and achieve compliance in today’s complex threat landscape. I specialize in designing pragmatic, audit-ready security programs tailored to fast-growing SaaS companies, mid-size businesses, and regulated industries. Whether you're pursuing SOC 2, ISO 27001, ISO 27701, NIST CSF, GDPR, HIPAA, or PCI DSS, I bring the hands-on expertise to develop scalable policies, procedures, and controls, while aligning with your business goals and timelines. Over the years, I’ve successfully guided startups and mid-size businesses through certifications and assessments that have directly unlocked new enterprise deals, increased market share, and satisfied investor due diligence. With a strong foundation in Cybersecurity, IT Risk, Vendor & Third-Party Risk, Business Continuity, and Privacy Compliance, I partner with engineering, product, and leadership teams to embed security into your business, not just your checklist. My credentials include CISSP, CCSP, CISA, AWS Solutions Architect, CIPP/E, CIPM, and ISO 27001 Lead Auditor, which reflect both technical depth and strategic insight. You're not just hiring a security consultant, you're gaining a long-term advisor committed to building security that supports growth. - 20+ years in cybersecurity, risk, and compliance leadership - SOC 2, ISO 27001, ISO 27701, NIST CSF, NIST 800-53, GDPR, HIPAA, PCI DSS, CCPA - End-to-end support for audits, readiness assessments, and evidence collection - Policy development, control design, risk assessments, and documentation - GRC tooling expertise: experience with Vanta, Drata, Tugboat, Secureframe, etc. - Third-party & vendor risk management aligned with regulatory expectations - Business Continuity & Disaster Recovery strategy and testing - Startup-friendly mindset: fast execution, clear deliverables, no wasted time - Certifications: CISSP, CCSP, CISA, AWS Solutions Architect, CIPP/E, CIPM, ISO 27001 Lead Auditor

As a Cybersecurity Consultant specializing in Governance, Risk, and Compliance (GRC), I help organizations align their security practices with leading standards and frameworks such as ISO 27001, SOC 2, NIST CSF, and CIS Controls. My goal is to transform complex security requirements into practical, measurable actions that strengthen your security posture and meet audit expectations. With over 3 years of experience in cybersecurity—spanning penetration testing, risk assessment, and compliance readiness—I bridge the gap between technical teams and management to build resilient, policy-driven security programs. Core Expertise: Security governance and compliance assessments (ISO 27001, SOC 2, NIST, GDPR, HIPAA) Risk management, control evaluation, and remediation planning Policy and procedure development (security policies, data protection, incident response, etc.) Vendor risk management and third-party due diligence Gap analysis and audit preparation Security awareness training and documentation support I combine hands-on security experience with a strategic understanding of organizational risk, helping clients establish frameworks that not only pass audits—but genuinely improve business resilience and trust. Let’s work together to align your cybersecurity strategy with business goals and compliance objectives. Reach out today for a consultation or a tailored GRC roadmap.