Institutional governance

Architecture authority, decisions that hold under scrutiny.

Most governance frameworks are designed for compliance, not for decisions. The model I build creates structures that delivery teams actually use — lightweight enough to move fast, rigorous enough to satisfy regulators, transparent enough to satisfy boards. 270+ projects governed across 11 international institutions; 89% of audit findings closed within 12 months of governance activation.

Governance that works in practice

Most governance frameworks fail because they are designed for compliance, not for decision-making. The model I build creates a governance structure that delivery teams actually use — lightweight enough to move fast, rigorous enough to satisfy regulators, transparent enough to satisfy boards.

Used at: NATO/NCIA · UN Secretariat · EEAS · ECB · INTERPOL · BRD/Société Générale

What I offer

Governance services

Architecture Review Board design

ARB charter, membership model, review cadences, escalation paths. A board that speeds decisions rather than slowing them.

Decisions in days, not weeks

Decision governance & ADRs

Architecture decision record system — ownership, rationale, tradeoffs, audit trail. Every material call documented and traceable.

Full audit trail

Audit-readiness framework

Control evidence packs, finding registers, closure tracking. 89% of findings closed within 12 months of governance activation.

89% closure rate

Policy & control frameworks

Security policies, architecture policies, data governance policies — mapped to COBIT, NIST, ISO standards and regulatory requirements.

Regulator-ready

Portfolio governance

Programme governance structures for multi-workstream portfolios. Budget control, milestone tracking, risk registers aligned to architecture.

270+ projects governed

Reporting & dashboards

Executive-level architecture and governance dashboards — designed for boards, CISOs and CIOs who need signal, not noise.

Board-level clarity

Key engagements

Where governance was mandated

PIR2-IT — Banking Portfolio · 2024–present
Compliance and governance authority across 23 global and Romanian banks — PCI DSS and ISO 27001 control framework definition; PAM/IAM architecture governance integrated with Azure AD and AD FS; 3rd-line authority and Product Owner for security platform portfolio (Palo Alto, CyberArk, CrowdStrike, DLP, SIEM, SOAR, DDoS). Structured governance model reduced MTTR by 58%.
PCI DSS · ISO 27001 | PAM/IAM governance | 23 banks | −58% MTTR | SIEM · SOAR · DLP
ENISA — NCSS Framework · 2013 · Brussels
IT Security Advisor — defined National Cyber Security Strategy (NCSS) frameworks for EU member states. Strategic objectives, capability requirements, and prioritised action plans translating national security needs into implementable cyber frameworks.
NCSS framework | EU member states | Strategic policy | Cyber governance | ENISA
United Nations / OICT · 2016–2019 · New York
Architecture governance authority across 11 UN system entities, 178-state coverage — ARB chair, ADRs, portfolio governance, UN cyberspace strategy advisory. COBIT-aligned decision framework, regulatory audit support.
COBIT · ARB | 178 states | Portfolio governance | UN cyberspace strategy | 11 UN entities
NATO / NCIA · 2023–2024
Architecture governance in NATO Secret — ARB, ADRs, STANAG and NAF compliance. Architecture decision authority across ANWI/AVI/ESS classified domains. CD&E (Concept Development & Experimentation) methodology applied to capability requirements.
NAF · STANAG | Classified governance | ADR · ARB | CD&E | NATO Secret
European External Action Service · 2022–2023 · Brussels
Governance under EU classified framework — architecture authority, audit evidence, compliance documentation. EU INFOSEC, cross-domain solution governance for diplomatic and intelligence systems.
EU classified | INFOSEC | Architecture authority | Audit evidence
European Central Bank · 2014–2015 · Frankfurt
Financial governance, SWIFT CSP compliance, regulatory audit support. Architecture for ECB payment and settlement systems in compliance with PCI DSS, ISO 27001, and ECB SIPS Regulation.
SWIFT CSP | PCI DSS · ISO 27001 | Payment governance | ECB SIPS | Regulatory audit
INTERPOL · IBM era
Architecture and governance authority for law enforcement digital platforms — INTERPOL National Cyber Review II across 197 member states. Security governance, cross-border intelligence data framework, multi-agency compliance. Delivered via a top-tier international management consultancy, Singapore.
Security governance | 197 member states | Cross-border | Intelligence data | Cyber Review II

Visual reference

Governance infographic

Institutional Governance — Marius Russo-Got

Need governance that actually works?

ARB design, ADR frameworks, audit-readiness — available for retained advisory mandates.