Hello, I am
Cybersecurity GRC professional.
I help teams turn security requirements into clear controls, evidence, and action.

About Osen
I focus on the documentation, evidence, controls, and risk decisions that help organizations mature their security programs.
My goal is to make security work easier to understand, easier to own, and easier to improve.
Plain-language reports and recommendations.
Framework-aligned artifacts and traceability.
Security work shaped around practical ownership.
9+ case studies
8 framework areas
6 GRC skill groups
2 completed credentials
Cybersecurity Workflow
I use a simple workflow that keeps the work understandable: assess the situation, map it to frameworks, document the evidence, and recommend improvements.
I clarify business context, risks, controls, and evidence gaps.
I connect findings to frameworks like ISO 27001, NIST CSF, and CIS Controls.
I turn the work into reports, registers, policies, and decision-ready artifacts.
I recommend practical next steps that teams can own and maintain.
Core Competencies
I focus on practical GRC work: the policies, assessments, evidence, and reports that help security programs move with confidence.
Developing policies, control expectations, and governance artifacts that help security programs operate with clarity.
Assessing business risk, documenting impact, and translating findings into prioritized treatment plans.
Mapping requirements to practical evidence, controls, documentation, and audit-friendly reporting.
Reviewing controls, identifying gaps, and presenting remediation recommendations in professional formats.
Evaluating third-party risk through questionnaires, control reviews, and business impact analysis.
Supporting incident response planning with roles, escalation paths, communications, and lessons learned.
GRC Dashboard
Strong GRC work should help teams see ownership, risk, evidence, and resilience without digging through scattered documents.
Policy, ownership, controls
Assessment, registers, treatment
Framework mapping, evidence
Incident and continuity planning

Featured Projects
These case studies show how I move from business context to methodology, deliverables, outcomes, and lessons learned.

Governance
A structured policy development engagement aligning security expectations with business objectives and recognized frameworks.

Internal Audit
An internal assessment that reviewed security controls, documented gaps, and produced a prioritized remediation roadmap.

Risk Management
A risk assessment project documenting assets, threats, likelihood, impact, and treatment options for management review.
Professional Journey
My path is intentionally GRC-focused: learn the frameworks, apply them through structured projects, and keep improving the way I communicate risk.
2024
Eretmis Academy
Completed structured GRC-focused projects covering governance, internal assessment, risk management, awareness, and incident preparedness.
2024
ISC2 and Google
Built foundational cybersecurity knowledge across principles, operations, frameworks, incident response, and governance.
Ongoing
Professional Development
Expanding expertise in ISO 27001, IT audit, vendor risk, business continuity, and AI security governance.
Skills & Certifications
Here is the compact view: completed credentials, current learning direction, and the GRC skill groups I apply throughout the case studies.
ISC2
Foundational cybersecurity certification covering security principles, incident response, access controls, risk, and governance concepts.
Credential: Available on request
Verification information
Google Career Certificates
Practical program covering security operations, network security, Linux, SQL, Python, incident response, and security frameworks.
Credential: Available on request
Verification information
Explore my case studies or get in touch about cybersecurity governance, risk, compliance, and audit-focused opportunities.