pa|Contrast Advisory offers information and cyber security services spanning from strategy and governance, through to information handling and cyber security resilience. Our services are tailored to each specific situation and always focus on delivering in line with overall organisational strategies. We support our clients by offering IT governance services from strategy establishment and planning to performance monitoring and reporting. Our services focus on business performance and governance frameworks that are flexible enough to deliver continuous improvement and future success. We offer services in a range of IT-risk spanning from establishing a risk universe, assessment methodology, response plans to monitoring and reporting. Our risk services cover technical as well as cultural and organisational challenges whilst not losing track of overall business goals. Contrast Advisory offers compliance services related to internal compliance, governmental and public service compliance, through to industry specific regulatory compliance. We aid organisations in assessing and tuning their systems of internal control so that they adequately measure and manage the compliance risks they face. h1|Our business is assuring performance by aligning risk exposure with business strategies. We are accredited advisors helping our clients develop their business performance by using risk management as a business enabling differentiator. h2|We are Contrast Advisory. Assuring performance. Read more about us and our services sp|Accredited GRC advisors. and how we may help you. Services About us 559128-8096 bo|Information security IT governance IT risk IT compliance pa|We are always interested in expanding collaboration with incubators, event organizers, other consultancy firms and market participants. Please contact us for further discussions about mutually beneficial collaborations. 
If you believe that you are an exceptional talent within IT GRC we are keen to get in contact to discuss potential cooperation or employment possibilities. h2|Get in contact. h3|Want to become our partner? Want to work with us? Contact form pa|Our assurance services are aimed at providing independent statements regarding organisations’ performance against internal ambitions and external requirements such as contractual and regulatory compliance. In addition to an independent statement, each assurance assignment is delivered with tailored recommendations and advice based on the latest know-how and industry best practices. Our assurance engagements are typically performed together with or on behalf of our clients’ board of directors, executive management, risk, compliance, internal audit department or on behalf of external stakeholders. Our performance services are aimed at improving our clients’ operations to ensure that they are aligned with the overall goal and strategy. Key deliverables include new or revised strategies and goals, processes, procedures and role descriptions as well as related education. Our performance engagements are typically performed together with our client’s board of directors, executive directors and representatives from key business departments and the IT-department. Ensuring proper information handling within an organisation and its affiliates is a key factor for business success. Therefore it is vital to handle an organisation’s information correctly throughout the information lifecycle. Knowledge of what information exists in the organisation, where it is located, its actual value and which threats exist towards loss, corruption or theft is critical in order to protect the information adequately. A risk-based approach towards information security is essential for setting a proper level of security and will result in security initiatives being aligned with the organisation’s overall risk appetite. 
Contrast Advisory’s information security services focus on solutions tailored to each specific situation and deliver advice in line with overall organisational strategies. Our information security services span the areas shown on the right: There is more to IT governance than IT management and simply ensuring continued service delivery. IT has transitioned from a supporting process towards becoming a central part in business development. As such we focus on ensuring IT-governance workflows that enable constant reinvention of IT, thereby pushing the limits for our clients’ business potential. Therefore it is important not to view IT-governance frameworks, their procedures and controls as too rigid or as a purpose in themselves. Governance frameworks must be flexible enough to not only deliver continuous improvement on old metrics and ambitions but to support constant business evolution. Achieving this will give better possibilities to take the lead rather than follow in yesterday’s footsteps. This is the philosophy at the heart of our IT-governance services which include the following areas: Due to today’s constant digitalization, IT is rapidly becoming a more integrated part of modern business models. As a consequence IT risk management is a vital part for any organisation’s ability to reach set goals and to deliver long term customer value. This inadvertently puts IT-risk management on top of every organisation’s agenda. Contrast Advisory offers a suite of IT-risk services that not only focus on technical issues but also on cultural and organisational aspects. The services we provide span from assurance to performance within the areas presented to the right. Over the last years there has been a strong trend towards stricter regulation worldwide where legislators pinpoint both specific sectors as well as previously non-regulated markets. 
In order to efficiently comply with new regulations during times of constantly increasing external requirements, a key success factor is to harmonize internal initiatives and utilize common solutions. By utilizing a holistic approach towards IT compliance, organisations can draw on synergies, and spend more time and effort on what is really important. As such our compliance services aim to aid organisations in coordinating efforts where IT compliance will impact their business without losing track of the overall business objective. Contrast Advisory offers services that aid organisations in assessing and tuning their systems of internal control so that they adequately measure and manage compliance risks that they face. Our services cover the areas shown on the right: To ensure that organisations’ procedures and controls are effectively implemented, all involved employees need to gain a thorough awareness of the reasoning behind existing and new controls and their associated risks. Awareness is a key component within risk management and a necessity to prepare for scenarios that have not been encountered before. To ensure this, awareness training needs constant development in order to stay in tune with an ever evolving risk landscape. The overall purpose of an effective awareness strategy is to enable deeper insight and encourage participation. Therefore Contrast Advisory offers educational content regarding IT GRC issues tailored to your organisation’s specific needs and with specific awareness packages for audiences exposed to certain risks. Typical audiences for such educational efforts include staff from internal control functions as well as process, system and information owners. Our educational services and awareness trainings cover our above-mentioned solution areas. Contrast Advisory offers framework agreements so that you can rely on having quality assistance at a moment’s notice without unnecessary delay. 
With an established agreement you also have a known price model, attractive pricing and an established business relationship. Our services can also be performed on a periodically recurring schedule in line with your needs. This is a suitable model for long-running programs or projects where ongoing assurance is important, or for regular organisational schedules such as internal or external reporting. Contrast Advisory offers on demand services suitable for shorter occasional engagements. As such the terms of business are agreed upon per engagement. li|Strategy and governance Risk management Roles and responsibilities Processes and procedures Continuous improvement Monitoring and reporting Cyber threat management Procedural readiness Incident management Measuring, follow-up and control Vulnerability testing Penetration testing Information identification Information classification Establishment of security requirements Technical security measures Administrative security measures Strategy and goals Frameworks and support Stakeholder commitment Program and project governance Risk management Performance management Value delivery & benefits realization Knowledge management Information lifecycle management Communication planning and management Organisational behaviour and culture IT service management Information security Architecture and development Resource optimization Business continuity Incident management Crisis management Vendor management Risk appetite Risk tolerance Key risk identification Key risk indicator Roles and responsibilities Risk forums Model for assessment Risk identification Risk mapping Risk categorization Risk evaluation Risk avoidance Risk mitigation Risk transfer Risk acceptance Controls establishment Key risk thresholds Control monitoring Continuous monitoring Risk reporting FFFS 2014:1-5 MiFID 2 PSD2 SOX PUL GDPR MSBFS 2016:1-2 Critical infrastructure information ISO 27001-5 NIS Directive Establishment of governance frameworks Assurance of internal 
requirements Third party contract establishment Third party compliance Regular seminars Quarterly recurring training Annual education Knowledge testing Board of directors Executive management Internal control Support and sales staff Incident management Crisis management Escalation procedures Reporting structures Root cause analysis Follow up and reporting Key control management System monitoring System audit and evidence management Security event monitoring Risk reporting h1|Contrast Advisory’s service portfolio consists of two service lines, Assurance and Performance. We offer Governance, Risk and Compliance services on the Nordic market performed by accredited advisors based out of Stockholm. h2|Service lines Solution areas Model of delivery h3|Assurance Performance Information security IT risk Framework agreements Subscription services On demand h6|Secure information handling Cyber security resilience Information classification Strategy and planning Monitor, evaluate and report Establish and deliver Establish risk universe Risk assessment Risk response Risk monitoring and reporting Financial compliance Privacy compliance Governmental and public service compliance Internal compliance Awareness High risk exposure groups Incident & crisis team System and control owners bo|IT governance IT compliance Education and awareness training pa|Our mission is to aid our clients in aligning their risk exposure with their business strategies, enabling them to reach their business goals. In order to achieve future success in today’s highly competitive business landscape it is crucial to manage risks correctly while still not losing momentum. For a business to perform at its peak potential it is vital to know when to embrace risks and when to avoid them. We help our clients develop their business based on relevant risks, appropriate tolerance levels and performance metrics so that risk management actually becomes a business enabling differentiator. 
Contrast Advisory offers tailored services performed by accredited advisors with a combined working experience from more than a hundred organisations in the Nordics ranging from finance and retail industries to government and energy industries. Our advisors have experience in key roles such as project managers, internal and external auditors as well as line management roles such as CIO and CISO. Marcus is a founding partner at Contrast Advisory and a senior governance, risk and compliance specialist. Marcus leverages a keen business acumen and deep technical understanding to deliver the best possible business value to all his stakeholders and customers. Marcus’s focus is to lead project teams on a strategic and tactical level. Marcus was the CIO and CISO for Transcendent Group and was responsible for setting strategic goals for IT and security across the enterprise in alignment with business objectives. Marcus was also service area leader for the firm’s information security services, and was responsible for related business development. Marcus also worked as a senior information security specialist and team leader for key high profile assignments. During his time at KPMG Marcus was an audit & risk consultant leading several IT-related audits such as SOX-audits, security audits, external statutory audit as well as internal audit. Marcus was also responsible for heading KPMG’s data analysis unit. As a security consultant Marcus worked with strategic information security and IT-security. The work included operations security as well as security hardening. As the head of IT Marcus was responsible for IT operations and information security. Marcus worked with IT administration, systems maintenance and network topology. Marcus is the founder and president for (ISC)² Sweden Chapter, a non-profit organisation and official local chapter of the International Information Systems Security Certification Consortium (ISC)²®. 
Marcus was a part of the information committee of ISACA, an international professional association focused on IT governance known as the Information Systems Audit and Control Association. Jonas is a founding partner at Contrast Advisory and a senior advisor focused on risk management and information security. As an advisor Jonas has vast experience from leading and facilitating changes to align organisations’ risk exposure with their goals. Jonas enjoys utilizing a sharp combination of technical knowledge and business understanding to enable successful business development. Jonas was part of the IT governance and security practice in Stockholm. During his time at Transcendent Group Jonas focused on information security, risk management, internal audit, internal control, privacy and conducted assignments for more than 40 clients in several different industries. During his time at EY Jonas primarily led IT-related audits, both within the external statutory audit and internal audit, as well as issued independent third party reports. Further Jonas was part of forming and implementing IT general control frameworks at several clients. At EY Jonas led work at over 50 different clients together with junior colleagues. During his studies Jonas also took a minor in Computer Science at Chalmers’ Department of Computer Science and Engineering. st|Extracurricular h2|We are Contrast Advisory. h3|Our mission Advisors bo|Presentation: Work life experience: Formal education: Presentation: Work life experience: Formal education: em|Email: firstname.lastname@contrastadvisory.se Phone: +46 (0)72 172 97 60 Transcendent Group, CIO & CISO KPMG, Audit & risk consultant Luxit, IT Security Specialist Advokatfirman Waldenström, Head of IT SEB IT, System and network operator M.B.A. – Master in Business Administration – Stockholm Business School, Stockholm University B.B.A. – Bachelor in Business Administration – Stockholm Business School, Stockholm University B.Sc. 
– Computer and Systems Sciences – Royal Institute of Technology & University of Stockholm Founder and president, board of directors (ISC)² Sweden Chapter ISACA Sweden Chapter, Information committee Email: firstname.lastname@contrastadvisory.se Phone: +46 (0)72 172 95 80 Transcendent Group, Information security specialist EY Advisory services, Audit and risk consultant M.Sc. – Management and Economics of Innovation, Chalmers University of Technology B.Sc. – Industrial Engineering and Management, Chalmers University of Technology