Andrej is a Consultant at URM with over eight years’ experience spanning governance, risk, and compliance (GRC), assurance, and offensive security. He is a Certified Information Systems Security Professional (CISSP), holds the BCS Certificate in Information Security Management Principles (CISMP), has passed the IASME Vulnerability Assessment Plus exam, and is on the CREST Skilled Person Registry. He also holds City & Guilds Level 3 Diplomas in ICT Professional Competence, and ICT Systems and Principles for IT Professionals. Andrej has successfully guided hundreds of clients through various certifications, and regularly delivers internal audits, gap analyses, and risk assessments against a range of standards, including ISO 27001, 22301, 22302, and 9001. His expertise further extends to penetration testing oversight, vulnerability management, supplier risk management at scale, whistleblowing systems (including OneTrust implementation), business continuity exercises, and the development of security awareness and training programmes with measurable KPIs.
