Curriculum Vitae

Svenn R. Norendal
Svenn Norendal, CGEIT CISA Director Senior GRC Adviser and Auditor Norendal International Ltd 21 Castlegate Drive Cockermouth CA13 9HD U. K. Office: +44 (0)1900 826 587 Mobile: +44 (0)7917 154 634 svenn@norendal.com Revised: 08/04/2010

SUMMARY
My background is Telecom Engineer 1973. Now, the main area is business support within Governance, Risk Management and Compliance, GRC. Most tasks are carried out in the capacity as project manager or adviser. Employments: 1974-1986: Security officer/engineer, IT security analyst and project manager, Swedish Telecom. 1986-1998: Corporate IT security manager, IAM owner, IT auditor, program manager and senior consultant, Ericsson. 1998-2004: Partner, management consultant, IT auditor and project manager, Norendal International. 2004-: Director, manager, senior GRC adviser, business development, Norendal International Ltd. Norendal International is a provider of Governance, Risk Management and Compliance support in the UK and abroad. We have extensive understanding of IAM solutions and implementation, Access control, Data Classification, Information Security Management Systems (ISMS) and security standards. Clients: Electrolux, Lansforsakringar, SAS, Handelsbanken, SPP, Ford Motor Company, Xerox UK, Shell International, Alliance & Leicester, Banco Santander, EDB Business Partner etc. I am; - Not afraid to put my view forward, based on experience (mine or others) to influence decision and direction; - Result oriented in every task with a pragmatic view in a business oriented environment; - Enjoy working with people to progress tasks and to resolve issues; - Motivated, experienced, reliable and productive with a taste for challenges and changes; - Interact with people and achieve objectives through knowledge transfer that change attitudes and behaviour; - Tolerant but expect failures to be part of a learning experience; - Certified Information Systems Auditor (CISA, 1993) - Certified in the Governance of Enterprise IT (CGEIT, 2008). - In the pipeline is to gain ISO 27001 Lead Auditor certification.
1 (5) Curriculum Vitae Svenn R. Norendal

PROFESSIONAL PROFILE
August 1998 to present Senior GRC Adviser and Auditor, Director Norendal International Ltd

Since 1998 I have managed the development and administration of Norendal International and provided professional services to clients in the UK and abroad. I am available for contract engagements for up to 9 months every year. Project experience the last 5 year, 12 contracts: 09/03/01-09/05/31 Senior GRC Adviser, EDB Business Partners, Oslo, 1 contract Support project regarding project risks and scope. Plan and perform review of IAM/IDM functionality, operations and services. Coordinate regulatory requirements business and ITGC impact, including SOX, and detail recertification and improvements. Senior GRC Adviser, Alliance & Leicester/Banco Santander, 2 contracts Review of current RM methodology and process. Plan, develop and implement new RM process based on the Forums IRAM methodology. Coordinate RM activities as SME and Project Manager. BAU activities covering remedy of audit issues including Basel II. Senior GRC Adviser and SME, Shell International, London-The Hague-Rotterdam, 5 contracts Manage review of current RM methodology and process. Manage the design, test and implementation of new RM process based on the Forums IRAM methodology. Manage GAP analysis within Trading, Downstream, Central Finance and EP. Manage review and GAP analysis of PCI DSS compliance of Downstream projects in scope. Manage and Evaluate and recertification of ITGC and SOX controls within Central Finance and recommend improvements. Manage Business Impact Assessments at Corporate Centre covering information risks and report to management. SOX Analyst/Tester/SME and project Manager. Xerox UK, 2 contracts Plan, manage and perform SOX testing of ITCG and SOX controls on behalf of business managers and IM manager. Identify and prioritize gap and with business managers develop cost effective sustainable remedy solutions. Coordinate recertification and retesting when necessary. Review result with external auditors and coordinate status and management reports. SOX Analyst/Tester/SME and project Manager. Ford Motor Company, 2 contracts Plan, manage and perform SOX testing of ITCG and SOX controls on behalf of business managers and IM manager. Identify and prioritize gap and with business managers develop cost effective remedy solutions. Coordinate recertification and retesting when necessary. Review result with external auditors and coordinate status and management reports to Audit Committee.

08/06/01-08/11/30

06/03/01-07/01/31

05/05/01-05/12/31

04/06/01-04/12/31

Summary of previous contracts: 2002-2004 2000-2002 2001 2000 2000 1998-1999 1998-1999 International marketing/sale of the SBA Method series; SBA Check, SBA Scenario and SBA Project Project manager of corporate awareness programme, (Pharmacia/Pfizer) Information security status review (ISSS) as project manager (SAS) Adviser to Information security status reviews including data centre physical security (Electrolux) Project review/support, SSO (Handelsbanken) Manage GAP analysis to BS7799, QA reviews (Lansforsakringar). Information security status review (ISSS) as project manager (SAS).

2 (5)

Curriculum Vitae Svenn R. Norendal

EDUCATION
2000, 2 days Internet: Control Issues and Audit Methods, ISACA Northern UK Chapter 1999, 3 days Compsec International 1999, Elsevier 1996, 3 days Businessmanship, Ericsson Data/Business Training Systems AB 1995, 3 days How to Measure Advantages for Customers, Ericsson Data 1993, 2 weeks CISA prep course (ISACA Sweden Chapter) 1993, January Offensive Quality Work (Ericsson Quality Institutes) 1992, 6 weeks Project Management, FUTURUMS Higher Project management), 10 p, Ronneby University 1992, 2 weeks Advanced Management, AVANT/Ericsson Data 1991, 6 days Quality Service Program, Ericsson Data/Vendator 1990, May MVS Security, BackupCentralen 1990, May Network Security, Frost & Sullivan, Management Development Seminar 1989, October Computer Related Legislation, University of Linköping 1988, November Relations Database Basics, Monitor ADB utveckling AB 1988, 2 weeks Information Security, 5 p, Royal Institute of Technology and Stockholm University 1988, November Continuity Planning - Disaster Recovery, Frost & Sullivan, Management Development 1988, February Computer Security, CGS Institute 1987, 1 week Project Management, Öppna Dataskolan, Ericsson Data 1986, 5 weeks Diploma in IT-security Management, Infosec PROSAB 1986, 2 years, part time Electric Power Engineer Degree, Huddinge College 1985, October U. S. Export Controls 7 - intensive course, Stockholm Chamber of Commerce 1984, May Data Communication II, STF ingenjörsutbildning 1983, December SBA Management course, INFOSEC Prosab AB 1983, February Securicom-83, Cannes 1982, December Time Manager, Time Manager International 1982, November Physical Protection of Computer Plants, SBF Svenska Brandförsvarsföreningen 1982, 21 weeks Programmer Education, IBM/UNIVAC, Swedish Telecom 1981, January Infrared Physics for Professionals, 2 p, Royal Institute of Technology, Stockholm 1980, October Direct Current Systems, STF Ingenjörsutbildning 1980, March Methodology for Education, Swedish Telecom 1979, March MULTICOM, Swedish Telecom 1976 – 1978 MULTILARM, MULTILARM L 300, MULTILARM L 400 Swedish Telecom 1973, 4 years Electronic and Telecommunications Engineering Degree, Thorildsplans College Other 1979-2007, several customer focusing IT management courses/seminars providing guidance on the planning, delivery and management of quality IT services to support business needs (ITIL). (This list is not complete, cover approximately 50% of all training during 1973 to 2008)

3 (5)

Curriculum Vitae Svenn R. Norendal

CERTIFICATIONS
2008 CGEIT Certified in the Governance of Enterprise IT (24/08/2008 Cert No 0800494) Information Systems Audit and Control Association (ISACA) 2004 Information Technology Accredited Security & Control Application Inspector Ford Motor Company 1993 CISA Certified Information Systems Auditor (30/09/1993 Cert No 9313072) Information Systems Audit and Control Association (ISACA) 1992 Management Certification L M Ericsson Data AB 1992 Diploma in Project Management University College Karlskrona Ronneby 1986 Authorised Electrical Contractor General authority as electric installer to 1000V, Statens Energiverk (1990-11-20 Cert No 520913-0219, valid until 2023) 1986 Diploma in Advanced Computer Security Infosec Prosab AB 1986 Certified Intruder Alarm Installer Authorised to Approve and Connect Intruder and Assault Alarms to the Police Authority in Sweden. Police Authority in Stockholm (Cert No AA 576-6575/95)

ASSOCIATION MEMBERSHIPS
ISACA, Information Systems Audit and Control Association, U.S.A.

CONFERENCE PRESENTATIONS
Norendal, S. (1996, March). Experiences from using SBA SAFER. Paper presented at the ASIS Sweden Chapter meeting, SAS Head office, Stockholm. Norendal, S. (1995, October). SBA SAFER - major breakthrough in risk-evaluation. Paper presented at the ESF Congress, Carlton hotel, Cannes.

4 (5)

Curriculum Vitae Svenn R. Norendal

TEACHING EXPERIENCE
1995 - 1997 SIGNUM and business benefits, 10 days teaching, Corporate L M Ericsson 1986– 1995 Security and IT-Security at Ericsson, 30 days teaching, Corporate L M Ericsson 1985, November SBA-methodology, 2 days teaching, University of Lund 1983 - 1985 IT-Security at Swedish Telecom, 10 days teaching, Swedish Telecom 1980, November Protection from Lightning, 3 days teaching, Swedish Telecom 1978 – 1981 Intruder Systems - basic and advanced courses, 50 days teaching, Swedish Telecom

COMMITTEE MEMBERSHIP
1994-1998 Information Security Forum – Council member and participation in the development of the Forum Information Security Status Survey, ISSS, and the Forum Standard of Good Practice, SoGP. 1992 - 1998 ISACA Sweden Chapter – Chair Program Committee 1994-96 1990 - 1998 SWERUG, Swedish RACF User Group – Chair 1996-98 1986 - 1997 NORDSEC, Nordic Security Group – Chair (rotating) 1982 - 1992 Swedish Information Processing Society, SIG Security

REFERENCES
Mona Nypan, senior adviser/project manager, Unibridge AS, mona.nypan@unibridge.no, +47 982 65004 Mick Paisley, Information Security Mgr, Alliance & Leicester Banco Santander, Michael.paisley@alliance-leicester.co.uk Harvey Webb, Security Manager, Shell International, harvey.webb@shell.com, +44 20 7934 1234 Cedric Williams, IM Manager, Xerox UK, cedric.williams@xerox.com, +44 1895 843692 Kim Hathrell, Jaguar&Landrover Audit & Security Manager, khathrel@ford.com: +44 121 700 9919
5 (5) Curriculum Vitae Svenn R. Norendal

Sign up to vote on this title
UsefulNot useful