You're seeing this page as if you were . The main menu is still yours, though. Exit from immersion
Ana PalmaAP

Ana Palma

Business Governance Consultant

€600/day
Faro, PT
15+ years

Average response time: 1 hour

About Ana

Projects are budgeted at a fixed price

Providing pragmatic advisory and implementation support across Information Security, Privacy, Governance, Risk Management, Quality, Business Continuity, and AI Compliance. Services are tailored to the complexity of each organisation.

My Approach
I take a pragmatic, business-aligned, and maturity-aware approach to designing and implementing governance frameworks. While my work is grounded in recognised standards and best practices, every organisation is different.

1. Context-Driven Design
I begin by understanding the organisation.

2. Phased and Maturity-Based Implementation
I favour phased implementations aligned with the organisation's level of maturity.

3. Governance-First Mindset
I place significant emphasis on defining clear ownership, accountability, decision-making structures, and oversight mechanisms.

4. Practical Controls with Purpose
I focus on implementing measures that genuinely support the organisation's objectives.

5. Embedded into Business Operations
I work to integrate governance into day-to-day business processes.

6. Communication and Stakeholder Engagement
I place strong emphasis on clear communication, stakeholder engagement, and practical guidance.

7. Continuous Improvement
I design frameworks that incorporate regular reviews, performance monitoring, lessons learned, and continuous improvement activities.

8. Clear Documentation and Demonstrable Evidence
I ensure that decisions, responsibilities, processes, risks, and evidence are documented clearly-

Services

1. Information Security Management & Governance.

2. Governance, Risk & Compliance (GRC)

3. Data Privacy & Information Governance

4. Business Continuity & Operational Resilience

5. Security Assurance & Audit

6. Security Awareness & Capability Development

7. Advisory & Transformation Services

8. AI Governance, Compliance & Risk Management
  • Portuguese

    Native or bilingual

  • German

    Conversational

  • English

    Native or bilingual

Remote only
Primarily works remotely

Experience

  • Independent Governance,
    Risk & Security Consultant
    CONSULTING AND AUDITS
    September 2025 - Today (10 months)
    • • Developing an AI Governance and Implementation Framework to support organisations in the secure, compliant, and business-aligned adoption of Artificial Intelligence.
    • • Designing and developing professional training programmes across Information Security, GRC, and AI governance.
    Information security Data Governance Risk Management Third party risk Audit
  • Smarttech247
    Head of GRC and Professional Services
    April 2023 - July 2025 (2 years and 3 months)
    • • Led the delivery of Information Security and GRC consultancy services, including ISO/IEC 27001 implementations, maturity assessments, gap analyses, third-party risk management, incident response, and business continuity initiatives.
    • • Established and led the Supplier Security Risk Management and Data Security Services practice, developing pragmatic assessment frameworks aligned with ISO/IEC 27001, NIST CSF 2.0, DORA, and NIS2.
    • • Directed a team of 7 security consultants, overseeing project delivery, capability development, and quality assurance across multiple client engagements.
    • • Supported 5 organisations in achieving ISO/IEC 27001:2022 certification and spearheaded Smarttech247's own ISO 27001:2022 transition, ensuring successful recertification and alignment with evolving organisational requirements.
    • • Established and led supplier security maturity programmes, overseeing the development of integrated assessment approaches across supplier risk management, application security, privacy, and broader governance practices.
  • Smarttech247
    Governance Risk and Compliance Manager
    July 2022 - March 2023 (8 months)
    • • Managed the GRC function, expanding Supplier Security Risk Management services and enhancing organisational GRC maturity.
    • • Enhanced the organisation's Integrated Management System to support evolving security, governance, and compliance requirements.
    • • Designed and implemented third-party risk assessment methodologies, processes, and registers supporting ISO/IEC 27001:2022 certification programmes.
    • • Strengthened supplier governance and regulatory compliance through alignment with GDPR, ISO/IEC 27001, and related security requirements.

Recommendations

Be the first to recommend Ana

Help this freelancer shine by sharing your experience working together.

These freelancer profiles also match your criteria

AgathaA

Agatha Frydrych

Backend Java Software Engineer

4.7

(3)

2

BaptisteB

Baptiste Duhen

Fullstack developer

4.6

(4)

5

AmedA

Amed Hamou

Senior Lead Developer

4

(2)

7

AudreyA

Audrey Champion

Web developer

4.3

(3)

4

Education

  • University degree in Economics
    "Universidade Autónoma de Lisboa"
    1995
    University degree in Economics
  • CISM
    CISM

Certifications

Skill set

Categories