Svenn Norendal, CGEIT CISA
Senior GRC Adviser and Auditor
Norendal International Ltd
21 Castlegate Drive
Office: +44 (0)1900 826 587
Mobile: +44 (0)7917 154 634
1974-1986: Security officer/engineer, IT security analyst and project manager, Swedish Telecom.
1986-1998: Corporate IT security manager, IAM owner, IT auditor, program manager and senior consultant, Ericsson.
1998-2004: Partner, management consultant, IT auditor and project manager, Norendal International.
Norendal International is a provider of Governance, Risk Management and Compliance support in the UK and abroad. We
have extensive understanding of IAM solutions and implementation, Access control, Data Classification, Information
Security Management Systems (ISMS) and security standards.
- Not afraid to put my view forward, based on experience (mine or others) to influence decision and direction;
- Result oriented in every task with a pragmatic view in a business oriented environment;
- Enjoy working with people to progress tasks and to resolve issues;
- Motivated, experienced, reliable and productive with a taste for challenges and changes;
- Interact with people and achieve objectives through knowledge transfer that change attitudes and behaviour;
- Tolerant but expect failures to be part of a learning experience;
- Certified Information Systems Auditor (CISA, 1993)
- Certified in the Governance of Enterprise IT (CGEIT, 2008).
- In the pipeline is to gain ISO 27001 Lead Auditor certification.
Support project regarding project risks and scope. Plan and perform review of IAM/IDM functionality, operations and services. Coordinate regulatory requirements business and ITGC impact, including SOX, and prioritize recommendations.
Review of current RM methodology and process. Plan, develop and implement new RM process based on the Forum's IRAM methodology. Coordinate RM activities as SME and Project Manager. BAU activities covering remedy of audit issues including IDM and Basel II.
Manage review of current RM methodology and process. Manage the design, test and
implementation of new RM process based on the Forum's IRAM methodology. Manage gap analysis
within Trading, Downstream, Central Finance and EP. Manage review and gap analysis of PCI DSS
compliance of Downstream projects in scope. Manage and evaluate ITGC and SOX controls within
Central Finance and recommend improvements. Manage Business Impact Assessments at
Corporate Centre covering information risks and report to management.
Plan, manage and perform SOX testing of ITGC, Access and SOX controls on behalf of business managers and IM manager. Identify and prioritize gaps and, with business managers, develop cost-effective remedy solutions. Coordinate retesting when necessary. Review results with external auditors and coordinate status and management reports.
Plan, manage and perform SOX testing of ITGC, Access and SOX controls on behalf of business managers and IM manager. Identify and prioritize gaps and, with business managers, develop cost-effective remedy solutions. Coordinate retesting when necessary. Review results with external auditors and coordinate status and management reports to Audit Committee.
2000, 2 days Internet: Control Issues and Audit Methods, ISACA Northern UK Chapter
1999, 3 days Compsec International 1999, Elsevier
1996, 3 days Businessmanship, Ericsson Data/Business Training Systems AB
1995, 3 days How to Measure Advantages for Customers, Ericsson Data
1993, 2 weeks CISA prep course (ISACA Sweden Chapter)
1993, January Offensive Quality Work (Ericsson Quality Institutes)
1992, 6 weeks Project Management (FUTURUMS Higher Project Management), 10 p, Ronneby University
1992, 2 weeks Advanced Management, AVANT/Ericsson Data
1991, 6 days Quality Service Program, Ericsson Data/Vendator
1990, May MVS Security, BackupCentralen
1990, May Network Security, Frost & Sullivan, Management Development Seminar
1989, October Computer Related Legislation, University of Linköping
1988, November Relations Database Basics, Monitor ADB utveckling AB
1988, 2 weeks Information Security, 5 p, Royal Institute of Technology and Stockholm University
1988, November Continuity Planning - Disaster Recovery, Frost & Sullivan, Management Development
1988, February Computer Security, CGS Institute
1987, 1 week Project Management, Öppna Dataskolan, Ericsson Data
1986, 5 weeks Diploma in IT-security Management, Infosec PROSAB
1986, 2 years, part time Electric Power Engineer Degree, Huddinge College
1985, October U. S. Export Controls 7 - intensive course, Stockholm Chamber of Commerce
1984, May Data Communication II, STF ingenjörsutbildning
1983, December SBA Management course, INFOSEC Prosab AB
1983, February Securicom-83, Cannes
1982, December Time Manager, Time Manager International
1982, November Physical Protection of Computer Plants, SBF Svenska Brandförsvarsföreningen
1982, 21 weeks Programmer Education, IBM/UNIVAC, Swedish Telecom
1981, January Infrared Physics for Professionals, 2 p, Royal Institute of Technology, Stockholm
1980, October Direct Current Systems, STF Ingenjörsutbildning
1980, March Methodology for Education, Swedish Telecom
1979, March MULTICOM, Swedish Telecom
1976 – 1978 MULTILARM, MULTILARM L 300, MULTILARM L 400 Swedish Telecom
1973, 4 years Electronic and Telecommunications Engineering Degree, Thorildsplans College
1979-2007, several customer focusing IT management courses/seminars providing guidance on the planning,
delivery and management of quality IT services to support business needs (ITIL).