Available for consulting · Remote & Hybrid

Myron G.
Moutos

Security that works for people, not just auditors.

ISO 27001:2022 Lead Auditor, AI governance specialist, and IT GRC consultant helping organisations across the EU and DACH region build security cultures that last - not just pass audits.

ISO 27001:2022 ISO/IEC 42001 EU AI Act GDPR NIS2
Get in touch Read my articles
25+Years in IT
4Audits - zero major NCs
73%Phishing reduction
3Languages
Greek - Native English - C2 German - Professional
Available for new engagements

About

I help organisations build security cultures that actually stick.

Most organisations approach information security as a compliance exercise. They get certified, file the paperwork, and move on - until the next audit. I think that's the wrong way around.

With over 25 years across IT management, quality assurance, and information security - and having worked hands-on with organisations from Greek manufacturing SMEs to German IT services firms - I've seen what happens when security is bolted on versus built in.

I hold both ISO 27001:2022 Lead Auditor and ISO/IEC 42001 AIMS certifications, putting me at a rare intersection: the two governance frameworks that matter most right now as the EU AI Act comes into force. I help you meet the requirements - and understand why they exist.

I work remotely and in hybrid models, in Greek, English, and German. Whether you're a Mittelstand company preparing for surveillance, a Greek firm navigating NIS2, or a startup building AI products under the EU AI Act - I can help you move forward with clarity.

The rare combination
ISO 27001:2022 + ISO/IEC 42001 dual certification is uncommon. As EU organisations build AI governance frameworks under the AI Act, this combination is in high demand - and I hold both.
Trilingual delivery
Working in Greek, English, and German means no language barriers with clients or documentation across the EU and DACH region. Policies, training, and audit reports in the language your people actually use.
Proven track record
Four consecutive ISO 27001 audits with zero major nonconformities. Real compliance, not just audit preparation.
Coming Soon

Video

Security explained by someone who's been in the room.

I'm building a video series on information security, AI governance, and practical compliance - aimed at the people who actually have to implement this stuff, not just read about it. Short, plain-language, no jargon for its own sake.

Subscribe on YouTube

LinkedIn Articles

Thinking out loud on security, governance & the human side of compliance.

ISMS
What Makes an ISMS Actually Useful

Most information security management systems look great on paper and achieve very little in practice. Here's what separates the ones that work.

Read on LinkedIn → Culture
Control vs Culture - Why ISO 27001 Controls Only Work When People Do

Controls are necessary. They're not sufficient. The organisations that maintain certification without drama are the ones that figured this out.

Read on LinkedIn → Series · Ch. 1
Clause 4.1 - Security in the Belly of the Bureaucratic Whale

A clause-by-clause walk through ISO 27001 for practitioners. Chapter one: understanding your organisation's context before anything else.

Read on LinkedIn → Series · Ch. 2
Clause 4.2 - Stakeholders, Stardust and Secret Desires

Who actually cares about your ISMS - and what do they really want from it? Chapter two digs into the stakeholder map most people draw wrong.

Read on LinkedIn → Series · Ch. 3
Clause 4.3 - The Line in the Sand Where the ISMS Begins (and Pretends)

Defining scope is where most ISMS projects make their first quiet mistake. Chapter three on drawing boundaries that actually mean something.

Read on LinkedIn → Series · Ch. 4
Clause 4.4 - The Statement of Applicability Wears Lipstick Now

The SoA is often treated as a formality. Chapter four on why it's actually one of the most strategic documents in your entire ISMS.

Read on LinkedIn →
View all articles on LinkedIn

Services

What I can do for your organisation.

01
ISO 27001 Implementation & Auditing
End-to-end ISMS design, gap analysis, risk assessment, Statement of Applicability, internal audit cycles, and readiness for external certification or surveillance audits.
02
AI Governance & EU AI Act Readiness
ISO/IEC 42001 AIMS implementation, AI risk assessment, and compliance roadmaps for organisations developing or deploying AI systems under the EU AI Act.
03
GDPR & NIS2 Compliance
Data protection impact assessments, privacy policy development, NIS2 gap analysis, and compliance programme design for organisations operating in the EU.
04
Security Awareness Programmes
Designed for humans, not checklists. Phishing simulation campaigns and training that changes behaviour - not just satisfies an Annex A control.
05
IT GRC Advisory
Governance, risk, and compliance frameworks for IT departments - risk register management, third-party risk, policy development, and control framework alignment.
06
Multilingual Consulting
Full-service delivery in Greek, English, and German. Documentation, training, audit reports, and stakeholder communication in the language that works for your organisation.

Contact

Let's talk about what your organisation needs.

Whether you're preparing for your first ISO 27001 certification, navigating an EU AI Act compliance question, or just want a second opinion on your ISMS - I'm happy to have a first conversation with no obligations attached.

I work with organisations of all sizes, from Mittelstand companies in Germany to startups and public sector bodies in Greece. Remote-first, available across time zones.

linkedin.com/in/myronmoutos

To use the contact form, please accept cookies. This enables reCAPTCHA spam protection.

Read our Privacy Policy

Protected by reCAPTCHA - Privacy & Terms apply.