Hire the Best Risk Management Specialists

Clients rate our Risk Management Specialists
Rating is 4.8 out of 5.
Based on 906 client reviews
Heena S.

Chamba, India

$35/hr
4.9
167 jobs

Stop letting compliance block your enterprise sales deals. You have built a great product, but your biggest prospects (enterprises, healthcare providers, and banks) won't sign the contract until they see your ISO 27001 certificate or SOC 2 Type II report. You don't need a checklist or a template library. You need a strategic partner who can fast-track your audit readiness so you can focus on closing deals.

I am a Fractional CISO and Lead Auditor specializing in turning compliance into a competitive advantage for high-growth startups and established enterprises. I don't just "write policies"; I architect the security infrastructure that builds trust with your customers.

🚀 THE "AUDIT-READY" BLUEPRINT
I integrate seamlessly with your team (Slack/Teams) to deliver:
- SOC 2 & ISO 27001 Readiness: From Gap Analysis to Final Audit in 12-16 weeks.
- Automated Compliance (Vanta/Drata): I configure your Vanta, Drata, or Secureframe instance to automate 80% of evidence collection, saving your engineers hundreds of hours.
- AI Governance (ISO 42001): Future-proof your AI products against the EU AI Act and NIST AI RMF.
- Vendor Risk Management: I handle those 100-question security questionnaires from your clients so you don't have to.

🏆 WHY CLIENTS HIRE ME
- 100% Audit Pass Rate: I have guided 50+ companies through successful external audits.
- Commercial Focus: I prioritize controls that unblock revenue without slowing down your dev team.
- Certified Expert: Lead Auditor for ISO 9001, 27001, 14001, 45001.

🛠 TECH STACK
- Governance: Vanta, Drata, Sprinto, Secureframe.
- Cloud: AWS, Azure, Google Cloud (GCP).
- Frameworks: ISO 27001:2022, SOC 2 Type I & II, HIPAA, GDPR, ISO 42001 (AI).

🗣 WHAT CLIENTS SAY
"Heena didn't just get us certified; she helped us close a $2M deal with a Fortune 500 bank by handling the security diligence personally." — CEO, FinTech Series B

Next Step: If you have an audit deadline approaching or a sales deal stuck in security review, click the "Invite" button. Let's get you audit-ready.

  • SOC 2
  • ISO 14001
  • ISO 27001
  • ISO 27018
  • ISO 27017
  • ISO/IEC 20000
  • Six Sigma
  • SOC 1
  • CMMC
  • ISO 9001
  • ISO 9000
  • SOC 2 Report
  • GDPR
  • SOC 3
  • HIPAA
Basit S.

Islamabad, Pakistan

$15/hr
4.9
229 jobs

Fragile chaos pretending to be calm? I turn that into flow: ClickUp systems delivering 50% faster projects, zero deadline drift, and 25+ hours saved weekly. Calm isn’t luck, it’s architecture.

By helping teams and Businesses transform Disconnected processes into streamlined, automated systems that actually deliver results. As a PMP Project Manager, ClickUp Verified Consultant, and Business Analyst, I design scalable Project structures, Automate Recurring Workflows, and keep teams aligned from concept to delivery.

Project Management Expertise
I create robust project plans using Agile, Scrum, and Hybrid Frameworks, ensuring total visibility and accountability at every level. From Work Breakdown Structures (WBS) and Gantt Charts to Project Budgeting, Role Mapping, and Workflow Optimization, my approach eliminates inefficiency before it spreads. I’ve delivered successful outcomes in Digital Project Management, Software Development Projects, and Cross-Functional Leadership, leveraging platforms like ClickUp, Jira, Asana, Trello, Notion, Monday.com, and Microsoft Project. These tools become real systems, not just task lists, with Automated Dependencies, Milestone Tracking, and Real-time Reporting Dashboards.

Business Analysis That Drives Action:
Behind every high-performing workflow is sharp business analysis. I bridge strategy and execution with expertise in:
- Requirements Elicitation, Stakeholder Management, and Data Analysis
- Business Process Modeling and Change Management
- User Story Writing, Prototyping, and Manual QA Testing
- Risk Analysis and Process Optimization
Whether it’s building a Business Requirements Document (BRD), Functional Requirements Document (FRD), or complete Software Requirements Specification (SRS), I ensure technical clarity, business alignment, and smooth developer handoff.

Documentation & Technical Writing:
Clarity is the foundation of every project. I craft precise, Structured Documentation including:
- PRDs, BRDs, FRDs, UX Briefs, API Docs, Test Plans, Feasibility Reports, Market Analyses, and Case Studies.
- Tools like Confluence, GitBook, Lucidchart, Draw.io, Figma, Visio, and Miro help visualize and communicate complex systems from UML Diagrams, ERDs, and DFDs to Architecture Maps and Wireframes.

Scrum & Agile Leadership:
I lead full-cycle Scrum Ceremonies, Sprint Planning, refinement, daily stand-ups, retrospectives, and backlog prioritization with tools like Jira, ClickUp, and Notion. I make sure sprint goals are tied to Measurable KPIs and team outputs stay transparent and trackable.

Automation & Integration:
Why waste hours on tasks that could run themselves? I build Make.com and Zapier Automations that sync your apps (Slack, HubSpot, Airtable, Zoho, etc.), cut down Repetitive Admin Work, and keep data flowing smoothly across your systems.

Results That Stick:
- 30–50% faster delivery cycles
- 100% visibility through custom dashboards
- Automated task flows and reporting
- Consistent team accountability and communication clarity

If your projects need structure, clarity, and scalable systems that work even when you’re not watching, you’re in the right place.
→ Click “Invite to Job” and let’s build a workflow that runs like a business should: fast, clear, and fully optimized.

  • ClickUp
  • Digital Project Management
  • Agile Project Management
  • Technical Project Management
  • Zapier
  • Agile Software Development
  • Sprint Planning
  • Project Workflows
  • Technical Documentation
  • IT Project Management
  • Task Automation
  • Dev & IT Project Management
  • Jira
  • Make.com
  • Asana
Amir A.

Toronto, Canada

$75/hr
5.0
4 jobs

Most PMOs produce reports. I build the systems that produce decisions.

After 12 years running project controls on programs from $60M to $400M (EPC, construction, SaaS, ERP), I've seen the same pattern: PMOs that track everything but influence nothing. Executives get slide decks. Nothing gets decided. I come in, find the real gaps, and build governance frameworks, executive dashboards, and AI-powered PMO systems that leadership actually opens on Monday morning.

What I build:
→ PMO governance from scratch: RAID logs, intake processes, change control workflows, RACI charts, and templates teams actually use (not bypass)
→ Executive dashboards (Power BI + Smartsheet) with live CPI/SPI, S-Curves, risk heatmaps, and one-page flight plans
→ AI-powered PMO operating systems: automated status synthesis, risk flagging, and reporting via Make + Claude API
→ Integrated master schedules in Primavera P6 and MS Project: from 25-project construction portfolios to 5,000-task EPC programs
→ EVM reporting (CPI, SPI, variance analysis) that finance and executives can read without a translator

At Algonquin College, I built the PMO governance framework for a $75M ERP transformation across 7+ workstreams, eliminated 10+ hours per week of manual reporting, chaired the Change Control Committee, and integrated MS Project, SharePoint, JIRA, and Excel into a single reporting system.

Over the past year I've extended this work into small businesses and SaaS development companies, teams that need the same discipline but with a lean approach. For these clients I typically deploy Smartsheet or Asana as the operating backbone, scaled to fit the team size and budget without the enterprise overhead.

-------------------------------------------------

How I work:
I don't need 3 weeks of onboarding calls before I start. I diagnose fast, build faster, and hand off with documentation your team can actually use.

Week 1 - Diagnostic: I find the real problems, not just the obvious ones.
Week 2–3 - Build: governance frameworks, dashboards, automation, schedules.
Delivery: A working system, full handoff documentation, and a 30-minute walkthrough call.

Everything is deliverable-driven and async-friendly. If you want structured weekly check-ins, I build those in. If you prefer async-only, that works too. I respond within 12–24 hours and communicate in plain language, no consultant-speak.

Not sure if this is the right engagement? Start with the Free PMO Health Check [link in profile] before you commit to anything.

-------------------------------------------------

What clients say:

"Grateful for Amir's expertise in all things PMO, governance and the hands-on ability to demonstrate how to execute. The most difficult challenge at Algonquin was controlling the hybrid approach which included getting change management buy-in for the various ceremonies, multiple control tools (vendor/3rd party included) such as MS Project/Project Server, SharePoint, Jira, Service Now, SmartSheets and Azure DevOps. Amir is tremendously skilled in monitoring the governance impacts in near real time and making the necessary adjustments for delivery. I always think of Amir for his early consultation when I need to approach a new engagement. Thanks Amir!"
Sam Wong - Algonquin College

-------------------------------------------------

"Amir has been working with our organization "PAND Settlement Service" for the past six years in various capacities, including five years as a strategic advisor and board member, where he played a key role in building the governance backbone of our organization. His strategic mindset, structured approach, and ability to translate complex project data into clear executive direction have significantly strengthened our operational efficiency and long-term planning. In addition to his leadership contributions, Amir has delivered high-impact PMP, Excel, and Project Management workshops for our community and designed a comprehensive Educational Email Course for our employment program, all of which received remarkable feedback. Most recently, as a member of our Board of Directors, he continues to advise at the executive level, providing valuable insight on organizational roadmap development and strategic growth."
Kaveh Shakouri - Board Member at PAND Settlement Services

-------------------------------------------------

PMO implementation | PMO governance | executive dashboard | Power BI | Smartsheet | project controls | Primavera P6 | MS Project | earned value management | EVM | integrated master schedule | critical path analysis | RAID log | change control | AI automation | Make | PMO health check | portfolio management | EPC project management | construction scheduling | ERP implementation | project management consultant | PMP | governance framework | risk management | business analysis | process mapping | PMO setup | project portfolio management

  • Risk Management
  • Project Management Office
  • Microsoft Project
  • Primavera P6
  • Project Schedule & Milestones
  • Project Scheduling
  • Portfolio Management
  • S-Curve Graphs
  • Analytics Dashboard
  • Corporate Governance
  • Microsoft Power BI
  • Smartsheet
  • Make.com
  • RAID Administration
  • Change Management
  • Data Integration
  • Project Management Professional
  • Agile Project Management
David M.

Tonbridge, United Kingdom

$50/hr
5.0
2 jobs

🔒 You need security that actually works — not a report that says it does.

The organisations I work with want to find the vulnerabilities that matter, fix them with confidence, and get on with growing their business without security becoming the thing that stops them.

I have delivered over 1,000 commercial penetration tests across 27 years. Not side projects. Not internal assessments. Full mission-critical engagements for high street and investment banks, hedge funds, insurance firms, government departments, police, military, national infrastructure, retailers, law firms, airports and more. I led the security architecture for the Athens 2004 Olympics internet-facing systems. I was lead architect on the UK Cyber Essentials scheme at launch. I have published in commercial security press and guest lectured at universities.

There is a difference between someone who does penetration testing and someone who has seen every flavour of environment, every attack pattern, and every way organisations deceive themselves about their security posture. That difference is what you are hiring.

🎯 Where can I help:
🗡️ Network & Infrastructure Penetration Testing — adversarial testing of internal and external infrastructure, finding exploitable exposures before an attacker does.
🌐 Application Penetration Testing — web application and API security testing against real attack patterns: authentication, authorisation, input handling and business logic flaws.
☁️ Microsoft 365 Security Assessment — Entra ID, Conditional Access, PIM, Intune, DLP, sensitivity labelling, Exchange Online and Defender for Office 365.
🔷 Azure Security Assessment — identity and access management, network controls, storage and key management, Defender for Cloud posture, and monitoring coverage.
🟢 Google Workspace, GCP & AWS Security Assessments — configuration and access control assessments across Google and Amazon cloud environments.
🏛️ Security Architecture and Risk Advisory — senior technical input on architecture decisions, control design and risk without a full engagement commitment.

👤 Every engagement is delivered directly by me — David Morgan, founder of Metis Security. No account management layer, no junior handoffs, no templated output. You work with the person conducting the analysis and writing the report.

📋 How I work is as important as what I find
Every finding in my reports is one I will defend as genuinely material to your environment. No padding, no low-hanging fruit included to justify the fee, no default risk ratings copied from a scanner. If your context changes the risk, the rating reflects that.

What you receive:
✅ A visually structured report with clear separation between executive summary, findings and remediation roadmap — written to be read by people who are not security specialists
✅ Risk ratings adjusted to your specific environment and context, not defaulted from a tool
✅ A prioritised remediation roadmap so your team knows exactly what to fix first and why it matters commercially
✅ Immediate escalation of any high-risk finding or schedule-affecting issue during the engagement — you are never waiting until the end to hear something important
✅ Daily status updates so you always know where the engagement stands
✅ A debrief call at close to walk through findings, answer questions and finalise the report before it is delivered

CISSP | ISSAP | Microsoft Security certifications | 27 years

If you need to know whether your environment is genuinely secure — not whether it looks configured — I am worth a conversation.

  • Penetration Testing
  • Web Application Security
  • Network Penetration Testing
  • Office 365
  • Microsoft Azure
  • Cloud Security
  • Network Security
  • Vulnerability Assessment
  • Security Assessment & Testing
  • Security Infrastructure
  • Cybersecurity Management
  • Zero Trust Architecture
  • Security Analysis
  • Google Cloud Platform
  • Google Workspace
  • Amazon Web Services
  • ISO 27001
  • NIST Cybersecurity Framework
  • NIST SP 800-53
  • Network Administration
Sonam B.

New Delhi, India

$15/hr
5.0
6 jobs

I am an accomplished risk management professional with extensive experience managing Third Party risk management (TPRM) from onboarding to offboarding of all vendors, Vendor risk management covering Cyber Security, Data Privacy and Information security, Risk management, Risk assessment, Designing TPRM framework, Third Party, Risk Assurance, Contract Review/Due Diligence, Procurement Governance/Assurance Review, Project Management, Stakeholder management. My expertise spans across designing and implementing comprehensive TPRM frameworks, overseeing risk assessments, and managing vendor-related activities.

Core Competencies:

a) Third-Party Risk Management (TPRM): I lead and oversee the entire risk assessment and due diligence process for third-party vendors. This includes managing the onboarding processes and checklists to ensure thorough risk evaluations. I design and implement detailed TPRM project plans, outlining tasks, timelines, and milestones to ensure effective risk management.

b) Vendor and Contract Management: My role involves handling contract management processes for hardware and software, including new contracts, amendments, and renewals. I coordinate with external vendors, internal stakeholders, and legal teams to ensure timely contract execution and issue resolution.

c) Stakeholder Engagement: I engage with key stakeholders from various departments and external vendors to ensure smooth communication and collaboration throughout the risk management process. I manage expectations and provide direction on risk assessments and non-compliance issues.

d) Risk Assessment and Audits: I conduct comprehensive risk assessments and audits focusing on people, processes, and technology. My work includes identifying gaps, risks, and opportunities for improvement, and providing recommendations for enhancing policies and standards.

e) Reporting and Process Improvement: I create regular reports on the status of third-party assessments, highlighting roadblocks and key issues to management and stakeholders. I have successfully implemented process improvements, such as transitioning quarterly scorecard activities from manual processes to Google Forms to minimize errors and enhance efficiency.

f) Team Leadership and Development: I lead and develop teams of TPRM specialists and consultants, providing knowledge sharing, training, and motivation. I manage projects, stakeholder presentations, and client relationships to drive successful outcomes.

  • Risk Management
  • Compliance
  • Information Security
  • Contract Management
  • Vendor Management
  • Risk Assessment
  • Governance, Risk & Compliance Software
  • ISO 27001
  • IT Compliance Audit
  • GDPR Compliance Review
  • Cybersecurity Management
  • Cybersecurity Monitoring
  • Network Security
  • Enterprise Risk Management
  • Information Security Consultation
Syed K.

Princeton, New Jersey

$65/hr
5.0
62 jobs

With over 20 years of executive-level experience in AML, financial crime prevention, and regulatory compliance, I help high-growth and high-risk businesses build regulator-ready compliance programs without the cost of a full-time hire.

As the Founder/CEO of a consulting firm, I deliver fractional Chief Compliance Officer (CCO), BSA Officer, CAMLO, and MLRO services to FinTechs, Crypto firms, MSBs, Payment Processors, Gaming platforms, and E-Commerce businesses across North America, Europe, and the Middle East. My clients — from pre-revenue startups to scaling enterprises — rely on me to reduce regulatory risk, secure banking relationships, onboard to payment gateways, and build compliance programs that satisfy regulators, auditors, and banking partners alike.

What I Do for Clients
- Fractional Compliance Leadership - Experienced CCO and BSA Officer support on a part-time or project basis
- AML Program Design & Remediation - End-to-end development of AML, KYC, and Sanctions policies tailored to your specific business
- Independent AML Audits & BSA/AML Risk Assessments
- MSB Registration & Money Transmitter Licensing (MTL)
- High-Risk Merchant & Payment Processor Onboarding
- Banking & BaaS Partner Access
- Gaming & Sweepstakes Compliance Certification (Geo-Location)
- KYC & Transaction Monitoring Vendor Selection
- AML Training Programs
- ACH Annual Audits

Industries Served
FinTech · Crypto & Digital Assets · Payments · Money Service Businesses (MSBs) · Gaming & Sweepstakes · E-Commerce · Investment Advisory · BNPL · Remittance

Credentials
- ACAMS Certified (Certified Anti-Money Laundering Specialist)
- MBA — Accounting & Finance
- Professional Accountant
- 20+ years across U.S., Canadian, European, and Middle Eastern regulatory environments (FinCEN, FINTRAC, and more)

  • Internal Control
  • Data Entry
  • Bookkeeping
  • Social Media Website
  • Transaction Processing
  • Anti-Money Laundering
  • Internal Auditing
  • Project Management

How it works

Post a job for free

Tell us what you need. Create your own job post or generate one with AI then filter talent matches.

Hire top talent fast

Consult, interview, and hire quickly, so you can meet the freelancers you're excited about.

Collaborate easily

Use Upwork to chat or video call, share files, and track project progress right from the app.

Payment simplified

Manage payments in one place with flexible billing options. Only pay for approved work, hourly or by milestone.

How to Hire Top Risk Management Specialists

Nobody can predict the future, but identifying project risks and developing a plan of action to address them is the next best thing. 

So how do you hire risk management specialists? What follows are some tips for finding top risk management specialists on Upwork.

How to shortlist risk management professionals

As you’re browsing available risk management consultants, it can be helpful to develop a shortlist of the professionals you may want to interview. You can screen profiles on criteria such as:

  • Industry fit. You want a risk management specialist who understands your industry so they can help you figure out how best to reach your target market. 
  • Project experience. Screen candidate profiles for specific skills and experience (e.g., creating financial forecasts).
  • Feedback. Check reviews from past clients for glowing testimonials or red flags that can tell you what it’s like to work with a particular risk management specialist.

How to write an effective risk management job post

With a clear picture of your ideal risk management specialist in mind, it’s time to write that job post. Although you don’t need a full job description as you would when hiring an employee, aim to provide enough detail for a contractor to know if they’re the right fit for the project. 

An effective risk management job post should include: 

  • Scope of work: From implementing risk management information systems (RMISs) to performing root cause analysis (RCA), list all the deliverables you’ll need. 
  • Project length: Your job post should indicate whether this is a smaller or larger project. 
  • Background: If you prefer experience with certain industries or risk management techniques, mention this here. 
  • Budget: Set a budget and note your preference for hourly rates vs. fixed-price contracts.

Ready to manage your risks? Log in and post your risk management job on Upwork today.

RISK MANAGEMENT SPECIALISTS FAQ

Frequently asked questions

What is risk management? 

Risk management is the practice of identifying, monitoring, and mitigating risk. In the world of business and finance, risk refers to the potential for financial loss, while in civil engineering it’s the potential for structural failure. Risk can broadly be defined as the probability of an undesirable outcome.

Here’s a quick overview of the skills you should look for in risk management consultants:

  • Risk management
  • Project management
  • Quantitative analysis and statistics
  • Risk management techniques (e.g., SWOT analysis, root cause analysis)

Why hire risk management specialists?

The trick to finding top risk management specialists is to identify your needs. Is your goal to identify the financial risks of a business investment? Or do you need someone to perform RCA of a faulty product? The cost of your project will depend largely on your scope of work and the specific skills needed to bring your project to life. 

How much does it cost to hire a risk management specialist?

Rates can vary due to many factors, including expertise and experience, location, and market conditions.

  • An experienced risk management specialist may command higher fees but also work faster, have more specialized areas of expertise, and deliver a higher-quality product.
  • A contractor who is still in the process of building a client base may price their risk management services more competitively. 

Which one is right for you will depend on the specifics of your project.