Governance, Risk and Compliance (GRC)

Help improve your GRC goals.

Looking to strengthen your security practices? Let's work together to align your security governance with your business strategy and risk appetite.

Strong risk management practices ensure you are focusing resources on the right priorities. I will also help you establish a practical compliance framework that keeps you in line with relevant laws, regulations and industry standards.

GRC Consulting Services

Governance Advisory

  • Development and review of security policies and procedures
  • Security strategy alignment with business objectives
  • Security awareness programme development
  • Security committee establishment and guidance

Risk Management

  • Risk assessments and gap analysis
  • Third-party risk management programmes
  • Business impact analysis
  • Risk treatment plans and mitigation strategies

Compliance Services

  • Regulatory compliance assessments (ISO 27001, SOC 2, Essential 8 / APRA, PCI DSS)
  • Privacy impact assessments
  • Compliance programme development and implementation
  • Audit preparation and support

A Friendly Approach

As your trusted independent consultant, I deliver personalised GRC solutions that are:

  • Right-sized: Perfectly matched to your organisation's size and complexity
  • Cost-effective: Maximising value within your budget
  • Practical: Real-world solutions that actually work
  • Sustainable: Built to last and easy to maintain

Benefits

Why partner with an independent consultant?

  • Honest, unbiased advice without vendor influence
  • Flexible ways of working that suit you
  • Direct access to senior expertise
  • Better value compared to large consulting firms

Compliance That Drives Business Value

Turn regulatory requirements into competitive advantages. I help organisations achieve certifications that win clients, satisfy auditors, and reduce risks.

  • ISO 27001 - Win enterprise clients with globally recognised security certification
  • SOC 2 - Enable SaaS sales with customer-demanded security assurance
  • APRA (CPS 234) - Meet Australian financial services regulatory requirements
  • Essential 8 - Align with ASD's ACSC cybersecurity best practices
  • Privacy Act (AU) - Comply with Australian privacy law and protect personal information
  • Privacy Act (NZ) - Meet New Zealand privacy law requirements and safeguard data rights
  • Min. Standards (NZ) - Implement New Zealand Government minimum cybersecurity standards
  • GDPR - Handle EU citizens' data legally and build customer trust
  • ISO 42001 - Demonstrate responsible AI governance and risk management
  • OWASP - Build secure applications using industry-standard practices
  • NIST - Implement a mature cybersecurity framework trusted globally
  • PCI DSS - Process payments securely and avoid costly compliance breaches
Olivier Reuland