Hi, I’m Alex. I’m transitioning into Governance, Risk, and Compliance (GRC) and building real skills through hands-on projects and structured learning. Right now, I’m focusing on practical risk assessments, policy writing, compliance gap analysis, and threat-informed insights — using frameworks like NIST SP 800-30, ISO 27001 principles, and MITRE ATT&CK mappings. My early work centers on healthcare scenarios (PHIPA/PIPEDA compliance in Canadian clinics), but I’m actively exploring broader sectors like finance, critical infrastructure, and global standards (HIPAA, GDPR/DSGVO).
This blog is my portfolio: detailed risk assessments, policy examples, audit simulations, and short insights on trends and regulations. I’m seeking entry-to-mid GRC roles in Canada, with openness to US and international opportunities — especially consulting environments where strategic risk management meets real-world execution. If you’re hiring, reading, or just curious about GRC, feel free to reach out — I’d love to connect.
GRC in Progress
Practical Risk & Compliance Work – Assessments, Policies, Insights
Recent Posts
- Monitoring, Reporting & Continuous Improvement: Completing the GRC Cycle for a Small Canadian Clinic (OpenMRS Case Study)
- From Risk Assessment to Action: Developing Security Policies and Controls for a Small Canadian Clinic (OpenMRS Case Study)
- Risk Assessment in Action: OpenMRS Security Review for a Canadian Clinic