Skills
- Governance: ISO 27001/2:2022, GDPR, policy framework, audit remediation
- Risk Management: NIST CSF 2.0, ISO 27005, NIST SP 800-30/37, TPRM
- Security Leadership: global team build-out, operating model, capability development
- Exposure Management: CSPM, Shadow IT/AI, vulnerability management, risk-based remediation
- Security Architecture: cloud (Azure/AWS), SASE, network, endpoint
- Product Security: secure SDLC, OWASP-aligned controls
- Data Protection: information classification, Microsoft Purview, DLP/DRM
- AI/ML Security: NIST AI RMF, ISO 42001, model governance, data/privacy controls
- M&A Security: due diligence, integration planning, Day-1 security guardrails
- Identity & Access Management: IGA (Entra ID, Saviynt), JML, access reviews, MFA, PAM/JIT
About
I help organizations ensure information security during technology change and enterprise transformation.
My work focuses on security governance and cyber risk in complex environments.
Over 15 years building and leading security programs inside a large global enterprise, I worked directly with leadership to identify exposure and reduce risk without slowing the business.
I am now available for full-time, advisory and contract engagements:
- designing and modernizing cybersecurity strategy and governance
- making sense of true cyber risks
- getting third-party security risk under control
- adopting information classification where it is really needed
- simplifying identity governance
- bringing to light and hardening shadow IT and AI
- implementing sound protection of sensitive data
- measurably reducing attack surface
- security due diligence of mergers, acquisitions, divestitures
- joint venture security integration and hardening
Recent work includes security consolidation during a $3.3B merger and identity governance across enterprise platforms supporting ~50,000 users. I led a remediation program that neutralized high-risk vulnerability exposure across ~150 business-critical services within one year.
Certifications: CISSP, CISM, CCSP, CDPSE, CCZT, GSTRT, ITCP/I.S.P. of Canada
MBA (Entrepreneurship and Innovation) in progress — University of London
Interested in a pragmatic approach to security? I'd welcome the conversation.