Description

I help organisations strengthen their cybersecurity posture through specialised consulting in Information Security Governance, Cybersecurity GRC, and IT Audit. With over 15 years of experience across banking, energy and digital services, I support clients in designing, implementing and optimising security frameworks aligned with ISO 27001, NIS2, DORA and sector-specific regulatory requirements.

My work ranges from full ISMS implementations and security governance programmes to risk assessments (ISO 27005), third-party risk reviews, vulnerability management processes, cloud & infrastructure audits, SOC maturity evaluations and compliance readiness (PCI-DSS, GDPR). I work closely with executive teams, IT, Risk and InfoSec departments, ensuring that security controls are both effective and aligned with business goals.

Clients appreciate my structured approach, clear deliverables and the ability to translate complex regulatory requirements into actionable, practical solutions.

Availability:

• GCC (UAE, Qatar, KSA, Bahrain, Kuwait, Oman): Remote-first, with up to 2 weeks/month on-site for leadership workshops, risk assessments, ISO 27001/SOC2 activities or regulatory reviews.

• EU: Remote-only engagements across cybersecurity, IT audit, GRC and compliance programmes.

Industry field of expertise

Languages

English
Fluent
Romanian
Native or bilingual

Workplace preferences

Remote only

Primarily works remotely

Freelancer
Information Security Consultant
CONSULTING AND AUDITS
January 2013 - Today (13 years and 5 months)
Bucharest, Romania
Providing specialised consulting in information security, IT audit and cybersecurity governance for organisations in banking, energy and digital services. Delivered full ISMS implementations (ISO 27001), NIS2 gap assessments, security policy frameworks, risk analyses, vendor risk reviews and audit readiness programmes. Supported clients with security architecture reviews, SOC maturity assessments, vulnerability management processes and regulatory compliance (DORA, GDPR, PCI-DSS).
ISO 27001 NIS2 Cybersecurity GRC Cybersecurity Audit Information Security Risk Management
Banca Transilvania
Head of IT Audit
BANKING AND INSURANCE
January 2019 - Today (7 years and 5 months)
Bucharest, Romania
Led the IT Audit division of the largest bank in Romania, overseeing audits on cybersecurity, IT governance, cloud security, digital banking, core banking, business continuity and third-party risk. Designed annual audit strategies aligned with regulatory frameworks (NIS2, DORA, PCI-DSS, EBA guidelines). Delivered high-impact audit engagements, provided strategic recommendations to executive management, and collaborated closely with InfoSec, Risk, IT and Digital divisions. Strengthened the bank’s overall cyber resilience and compliance posture through risk-driven audit planning, targeted assurance reviews, and continuous advisory support to senior leadership.
DORA NIS2 PCI-DSS Cybersecurity Audit Cybersecurity GRC
TRANSGAZ SA
Information Security Expert
ENERGY AND UTILITIES
January 2016 - January 2018 (2 years)
Bucharest, Romania
Conducted security audits and risk assessments for critical infrastructure in the national energy sector. Evaluated cybersecurity controls, analysed vulnerabilities, and ensured compliance with ISO 27001, NIS and national sectoral regulations. Contributed to strengthening operational resilience, securing SCADA-related environments and improving incident reporting mechanisms.
ISO 27001 Cybersecurity Audit NIS2 SCADA Security ISO 27005