Information Security • Privacy • Governance

Mirza Gogic

Senior information security and privacy professional specializing in cyber risk management, security and privacy governance, cloud transformation, AI security, and regulated environments.

Experience spanning financial services, public sector, and pharmaceutical manufacturing, with work focused on cybersecurity governance, risk management, regulatory compliance, and secure transformation initiatives in complex operational environments.

Oslo, Norway

Security, privacy and risk governance in regulated environments.

Areas of Focus

Governance, risk and regulated technology.

A cross-disciplinary profile combining legal, technical, security and privacy perspectives across complex organizations and regulated operating models.

01. Cyber risk management & security governance

02. Privacy, GDPR & data protection

03. Cloud & hybrid security governance

04. AI Security, governance & emerging regulation

05. Third-party & supply chain risk

06. OT / IT security in regulated environments

Selected work & responsibilities

Practical governance across security, privacy and transformation.

Selected areas of work reflecting responsibilities across regulated environments, enterprise risk processes, cloud transformation, privacy governance and operational security.

Security governance & risk management

  • Establishing and maturing Information Security Management Systems aligned with ISO 27001 and IEC 62443.
  • Designing enterprise-wide cyber risk management processes and governance structures.
  • Developing risk scenarios, risk registers and risk-based decision-making approaches.
  • Supporting management and operational stakeholders through governance and risk advisory activities.
  • Aligning security governance with operational, regulatory and business requirements.

Cloud transformation & infrastructure governance

  • Supporting secure cloud and hybrid infrastructure transformation initiatives.
  • Governance and security oversight during organizational carve-outs and transition programs.
  • Working with Azure and hybrid environments in regulated operational contexts.
  • Supporting governance approaches for infrastructure security, operational resilience and compliance.
  • Bridging governance, operational and technical perspectives in infrastructure-related initiatives.

Privacy, GDPR & data protection

  • Designing and implementing privacy governance processes and methodologies.
  • Conducting and supporting DPIAs, LIAs, TIAs and related privacy assessments.
  • Supporting GDPR compliance in complex business and operational environments.
  • Integrating privacy and security governance into organizational and IT processes.
  • Advising on data protection risk, governance and regulatory expectations.

Security in regulated environments

  • Supporting security governance in GxP-regulated operational environments.
  • Working with governance and compliance considerations related to Annex 11, GAMP 5 and data integrity expectations.
  • Supporting qualification and governance approaches for regulated IT infrastructure.
  • Addressing OT / IT security considerations within pharmaceutical and operational environments.
  • Supporting risk-based approaches to security and compliance in regulated contexts.

AI security & governance

  • Developing governance approaches for enterprise AI usage and adoption.
  • Supporting awareness and responsible use initiatives related to AI technologies.
  • Assessing security, privacy and governance risks associated with AI usage.
  • Following developments related to AI governance, emerging regulation and enterprise risk.
  • Supporting practical and risk-based approaches to AI adoption in organizational environments.

Third-party & supply chain risk

  • Supporting supplier and outsourcing risk governance processes.
  • Conducting third-party security and privacy assessments.
  • Supporting governance approaches aligned with DORA, NIS2 and operational resilience expectations.
  • Addressing security and privacy considerations in outsourced and cloud-based environments.
  • Supporting governance and oversight activities related to external service providers.

Professional experience

Financial services, public sector and pharmaceutical manufacturing.

Experience across environments where security, privacy, resilience and regulatory expectations must be translated into practical governance and operational decisions.

Chief Information Security Officer

Agilera Pharma AS

Leading information security, privacy, governance and risk management initiatives in a highly regulated pharmaceutical manufacturing environment during a major organizational carve-out and cloud transformation program.

  • ISMS establishment and governance
  • Cyber risk management
  • Cloud and hybrid infrastructure governance
  • OT / IT security considerations
  • AI governance and awareness initiatives

Senior Security and Privacy Risk Manager

Erste Digital GmbH

Worked with enterprise-scale security and privacy governance in one of Central Europe’s largest banking groups.

  • Enterprise risk assessments
  • DTIA and LIA methodologies
  • Third-party and outsourcing risk governance
  • DORA-aligned governance initiatives
  • Vulnerability and remediation governance

Senior Advisor

Norwegian Tax Administration

Worked with OSINT, privacy, compliance and emerging technology risk within Norwegian government institutions.

  • Cross-government OSINT coordination
  • Privacy governance for emerging technologies
  • Operational intelligence analysis
  • OSINT methodologies and tooling
  • Training and awareness initiatives

Certifications & Education

Security, privacy, risk and legal foundation.

A profile combining recognized security and privacy certifications with legal education in IT law and EU law, supported by technical education in networks and system administration.

CISSP, CISM, CRISC, CIPP/E, CIPM, CIPT, FIP, CCSK, ISO/IEC 27001 Lead Implementer, ISO/IEC 27005 Risk Manager

University of Oslo

Master of Laws — IT Law

Stockholm University

Master of Laws — EU Law

Noroff School of Technology and Digital Media

Network and System Administration

Contact

Security, privacy and governance in complex environments.

Open to relevant conversations related to information security governance, cyber risk management, privacy, AI governance, regulated environments and secure transformation initiatives.