Cybersecurity governance

Secure by design, resilient
under pressure.

Security architecture and governance for environments where failure is not an option — Zero Trust implementation, GRC alignment, SIEM/SOC design, incident response frameworks. 55% MTTR reduction, ISO 27001 and PCI DSS delivered.

Security that survives delivery

Cybersecurity that lives in policy documents but not in system design is security theatre. My mandate is to embed security into architecture decisions — threat modelling in the design phase, control validation during delivery, evidence trails that survive audit. Environments that have carried this mandate include NATO classified networks, UN digital backbone and PCI DSS Level 1 banking platforms.

Standards: ISO 27001 · PCI DSS L1 · NIST 800-53 · SWIFT CSP · CIS Controls · GDPR · NATO INFOSEC

What I offer

Cybersecurity services

🛡️
Secure-by-design architecture

Threat modelling, security architecture reviews, control mapping into design — before the vulnerability is built in, not after.

Embedded from day one
🚫
Zero Trust implementation

Zero Trust architecture (NIST 800-207), micro-segmentation, PAM, identity federation, continuous verification — across cloud and hybrid.

Zero Trust delivered
📋
GRC & compliance alignment

ISO 27001, PCI DSS, NIST 800-53, SWIFT CSP, GDPR control frameworks built into architecture and operations.

100% audit closure
🔍
SIEM & SOC architecture

Security monitoring, SIEM platform design, SOC playbooks, incident detection and response — 55% MTTR reduction achieved.

55% MTTR ↓
🚨
Incident response framework

IR runbooks, escalation paths, forensics-readiness, comms protocols. Designed before an incident, not during.

Response-ready
🔐
PKI, HSM & identity

PKI architecture, HSM/KMS integration, certificate lifecycle, identity federation — for DPI, banking and classified environments.

Trust chain secured

Key engagements

Cybersecurity mandates

PIR2-IT — Banking Portfolio · 2024–present
Lead Cyber Security Consultant across 23 global and Romanian banks — UNFCU, EIB, Société Générale, HSBC, BNP Paribas, Credit Suisse. Defined PCI DSS and ISO 27001 control frameworks; designed PAM/IAM architecture integrated with Azure AD and on-prem AD FS; served as Product Owner and 3rd-line authority for Palo Alto, CyberArk, CrowdStrike, DLP, SIEM, SOAR, and DDoS-mitigation platforms. 58% MTTR reduction. Mentored 10–15 engineers. Planned, facilitated and executed workshops for governmental agencies, academia and industry.
PCI DSS · ISO 27001PAM / IAM · Azure ADCyberArk · CrowdStrike · Palo Alto−58% MTTRSIEM · SOAR · DLPWorkshops · Stakeholders
NATO / NCIA · 2023–2024 · The Hague
Led Content Collaboration Section at NATO/NCIA — end-to-end service lifecycle for collaboration and cybersecurity platforms in classified environments. Migrated all content systems to hybrid cloud. Designed and governed security architectures integrating satellite and terrestrial networks with PAM/IAM, SIEM/SOAR and GRC platforms. 3rd-line operational support aligned to NIST 800-53, ISO 27001, PCI DSS, and NCA ECC.
NATO SecretNIST 800-53 · ISO 27001PAM/IAM · SIEM/SOAR · GRCSatellite architecturesNCA ECC
EEAS Brussels · 2022–2023
Led cloud security and architecture programmes across AWS, Azure, and GCP — IaaS, PaaS, SaaS, and satellite solutions aligned with ISO 27001, PCI DSS, GDPR, and HIPAA. Directed 50+ member team on app migrations, networking, and cybersecurity engineering. Configured NGFW, WAF, IDS/IPS, sandbox, EDR, DLP, vulnerability management, PAM, IAM, and DDoS protection. Projects: EU BICES, EU Space, satellite, Intelligence Applications, C3, IT infrastructure, Disaster Recovery, Document Management.
EU classifiedAWS · Azure · GCPISO 27001 · PCI DSS · GDPRSatellite · BICES · C350+ team lead
Innovation Center · 2019–2022 · Worldwide / Bucharest
Directed IBM's Innovation Centre (39 experts) for IT Security in Defence and Financial Services. Led enterprise-scale cybersecurity and cloud-engineering programmes. Designed and governed security architectures integrating satellite and terrestrial networks with PAM/IAM, SIEM/SOAR, and GRC. Led multi-country cyber resilience and secure communications programmes across defence and international institutions. Teams of 25+ engineers enforcing ISO 27001, NIST 800-53, and PCI DSS from requirements through secure deployment.
ISO 27001 · NIST 800-53 · PCI DSSDefence · BankingSatellite · Hybrid cloudPAM/IAM · SIEM/SOAR39-expert centre
Groupe Société Générale / BRD · 2011–2013 · Paris / Bucharest
Deputy CISO — led design, governance, and implementation of enterprise-wide security across SG's European infrastructure. 150+ banking applications secured across EMEA. Multi-layered architecture: Palo Alto, Check Point, IDS/IPS (Snort, Suricata), EDR (CrowdStrike, Carbon Black), DLP (Symantec, Purview), PAM/IAM (CyberArk, Azure AD). EDR/SIEM correlation (QRadar, Splunk) across SOC — 50% MTTR cut. Closed critical audit findings: PCI DSS and ISO 27001 readiness, 45% reduction in unauthorised access incidents, 30% compliance maturity improvement.
Deputy CISOPCI DSS · SWIFT CSP · ISO 27001 · Basel II/IIICyberArk · CrowdStrike · Palo Alto−50% MTTR · −45% unauth accessQRadar · Splunk SOC
Motorola / Freescale — CoE Cybersecurity · 2006–2008 · Worldwide / Bucharest
Developed and led Motorola Centre of Excellence for Cybersecurity (CoE-CS) — US$18M (2006) + US$26M (2007) investment. Strategy and design of major information-security systems worldwide; 35 experts directed, 23 hired. Led Crypto-X — digital/biometric identity and authorisation. Assessed 3,000+ legacy applications, consolidated 839; established CSIS and Motorola's first internal/external cybersecurity audit programme.
CoE-CSCrypto-X · Biometric IDCSIS · Audit programmeUS$44M investmentZero-trust concept · VPN · SSL
Alcatel Romania — Defence, Security & Intelligence CoE · 2002–2006 · Timișoara
Co-led Alcatel Centre of Excellence for Defence, Security and Intelligence markets. Cyber investigations, computer forensics, vulnerability assessments and incident response across defence and banking clients. Architecture and design for EURODAC, Border Protection and national surveillance systems. ISO 2700x Centre of Security Information Systems established.
Defence CoECyber forensics · InvestigationsEURODACISO 2700x CSISBorder surveillance

Visual reference

Cybersecurity governance infographic

Cybersecurity Governance — Marius Russo-Got

Need cybersecurity architecture or GRC alignment?

Zero Trust, ISO 27001, PCI DSS — available for retained advisory mandates.