Overview
Certified Security and Compliance Consultant (ISO 27001/SOC2)
A certified senior security and compliance consultant and virtual CISO (CISA, CISSP) specialized in consulting for the implementation and operation of security frameworks (ISO 27001, SOC 2, PCI), with a proven record of successful certification projects.
Securing your business, achieving a security certification for your company, or answering a security questionnaire should not be cumbersome and painful exercises. I will provide you with the solution to tackle security issues effectively, as you will have access to all the experience and knowledge I have gained over 9 years working at large banks (Royal Bank of Scotland, Bank of Tokyo) and multinational companies (Vodafone, AXA, FedEx) in different security roles, and as a full-time freelancer helping SaaS companies improve their security and get certified.
As a virtual/fractional CISO, I have created a streamlined and efficient workflow to take this off your shoulders and help the company achieve its growth-phase plans and targets by establishing a solid security and governance framework to win Enterprise clients. You will get all the support, tools, and knowledge to get your company and product secured and compliant with the ISO 27001, SOC 2, HIPAA, CMMC, PCI-DSS, StateRAMP, NY DFS, GDPR (or other data privacy) compliance framework by identifying the best solutions and managing the whole process (requirements identification, solution selection, implementation, documentation, certification) for you.
Some facts to support your decision:
✅ Constant Top-Rated status
✅ 21+ completed projects
✅ 8000+ hours via Upwork
✅ Supporting all time zones
✅ Long-term engagements
✅ Two decades of experience
✅ Professional certifications
✅ Experience with compliance management systems (Sprinto, TugBoat, Vanta, and others)
With me as your remote (virtual) Information Security Officer (ISO) or Chief Information Security Officer (CISO), you will get all of the following information security and compliance-related services:
✅ Information security management strategy, assessments, action plan
✅ Participating in calls during client or vendor engagements, representing the company's Security team
✅ Vendor relations
✅ Security framework implementation and certification (ISO 27001/17/18, SOC 2, HIPAA, PCI-DSS)
✅ Risk assessment, management, treatment plan, remediation tracking
✅ Answering and filling in security assessment questionnaires (OneTrust, CyberGRX, CAIQ, HECVAT, VAS, or any other questionnaire)
✅ Information security policy and procedure creation/update/review
✅ Budgeting
✅ Security operations: user access review, firewall review, cloud security posture, log reviews, endpoint security management, vulnerability management, incident management, cloud security posture management
✅ Unique, company-specific tasks
✅ Internal audit, gap assessments
✅ Consulting
✅ On-demand/part-time/full-time
Services
Information Security & Compliance
Are you in search of reliable cyber security providers? Then you are in the right place. Pentagon Infosec, one of the finest digital security service providers, offers an all-in-one solution to reduce security risk, protect your data, and fight cybercrime.
Featured clients
Pentagon Infosec has 2 featured clients.