Senior IT & Information Security Consultant
Jørgen
Geert Bruun
CISSP  ·  CCSP  ·  CISM  ·  CISA  ·  CRISC

Turning regulatory and business requirements into practical security solutions - built for real environments, operated by real people.

Get in touch View services
Jørgen Geert Bruun
Est. 2022 · Horsens, DK
Profile

About Me

Senior IT and information security consultant with extensive experience from regulated enterprise environments - aviation, finance, defence, and critical infrastructure. In business since August 2022.

Background spans IT engineering, infrastructure, and security architecture, with specialization in IGA, PAM, MFA, governance, and compliance. Experienced working embedded alongside CISO functions, IT management, and project organisations across Denmark, Luxembourg, Qatar, and beyond.

Known for combining a helicopter view with an eye for detail - equally comfortable designing strategy and getting hands-on with implementation.

Holds NATO SECRET and HEMMELIG security clearance. Intelligence NCO, G2 - Danish National Home Guard, Land Command West HQ.

Location
Horsens, Denmark
Phone
+45 3113 5015
Email
jorgen.bruun@qualsec.dk
LinkedIn
linkedin.com/in/jorgen-bruun
CVR
41520795
Languages
Danish (native) · English (fluent) · German, Spanish, Swedish, Norwegian (working) · French (basic)
What I do

Services

01 / IAM & IGA

Identity & Access Management

End-to-end IAM and IGA programme delivery - gap analysis, stakeholder workshops, vendor selection, architecture design, and rollout planning for enterprise environments.

02 / PAM

Privileged Access Management

PAM architecture, platform acquisition, vendor evaluation, and enterprise onboarding. Delivered CyberArk and Segura implementations across finance, banking, and aviation.

03 / MFA & SSO

MFA and Single Sign-On

Enterprise MFA and SSO programme leadership - application onboarding, large-scale user rollout, and NIS2-aligned authentication strategy.

04 / Architecture

Security Architecture

Target-state architecture design, integration patterns, and solution documentation across complex enterprise, financial, and OT environments. Secure infrastructure design since 1993.

05 / Governance

Governance & Compliance

Policy authoring, risk and threat assessments, NIS2, ISO 27001/27002, CIS Controls, and COBIT-aligned governance frameworks. Management-ready deliverables.

06 / OT Security

OT & Critical Infrastructure

OT security advisory aligned to IEC 62443. Translating high-level security requirements into concrete technical controls for production and OT-adjacent environments.

Career

Experience

January 2025 – Present
Senior Security Consultant
Undisclosed aviation client, Luxembourg (Freelance / Embedded)
Architecture & Vendor Evaluation
  • Security solution architecture across IAM domains in a major airline environment
  • Target-state architecture documentation, integration patterns, and operational design
  • Structured vendor evaluations, PoC management, and comparative scoring
IGA Transformation
  • Leading data collection and analysis phase for enterprise IGA programme
  • Stakeholder interviews and workshops on identity and access workflows
  • Governance gap analysis across access provisioning, roles, and recertification
PAM Programme
  • PAM acquisition and architecture lead - Segura selected as vendor
  • Vendor evaluation, contract negotiations, onboarding strategy and roadmap
  • PAM integration with IAM, Active Directory, and operational security processes
March 2024 – Present
Senior Security Consultant – MFA & SSO
Undisclosed aviation client, Luxembourg (Freelance)
  • Driving enterprise MFA and SSO programme for approximately 3,000 users
  • Leading MFA implementation and SSO-based application onboarding
  • Supporting NIS2 compliance requirements effective October 2024
May 2023 – February 2024
IT Security Architect
Saab Danmark, Sønderborg, Denmark (Freelance / Embedded)
  • Identifying security improvement areas in production and OT-adjacent environments
  • Designing test documentation to verify compliance with customer security requirements
  • Advising on policies and procedures for secure integration rooms
  • Translating high-level security requirements into concrete technical controls
August 2022 – April 2023
Internal IT Security Consultant
VELUX A/S, Kolding, Denmark (Freelance / Embedded)
  • Direct advisory support to CISO on security governance
  • Authoring IT security policies and supporting documentation
  • Developing risk and threat assessment processes
  • Establishing third-party security review processes
  • Contributing to crisis management and tabletop exercises
  • Advising on OT security aligned to IEC 62443
September 2020 – July 2022
Senior IT Security Consultant
Bankdata, Fredericia, Denmark
  • Identified vulnerabilities for new and existing operational processes and technical environments and proposed practical security improvements
  • Leading CyberArk PAM implementation for more than 400 users
  • Delivering PAM onboarding processes, documentation, and operational procedures
  • Upgrading enterprise internet proxy infrastructure and deploying anti-ransomware solutions
  • Threat assessments and SME input on security-related projects
March 2019 – July 2020
Security Risk Architect
Qatar National Bank (QNB), Doha, Qatar
  • Designed security architecture blueprint for a virtualized, segregated development environment with secure remote access and code exfiltration controls
  • Product manager and deployment lead for enterprise-wide data classification solution across all QNB international units - including user awareness training
  • Subject matter expert for PAM solution design, policies, and adoption strategy
August 2015 – March 2019
Senior Information Security Specialist & BISO
Nordea Bank S.A., Luxembourg
  • Delivered CyberArk PAM within agreed scope, budget, and timeframe - rethinking how IT staff manage privileged accounts across the bank
  • Acting as BISO for Wealth Management operations (Scandinavia, Luxembourg, Switzerland, Singapore)
  • Implemented SPLUNK SIEM for audit logging, SoD monitoring, and PII data privacy controls during core banking migration
  • Responsible for DR, BCM process and periodic testing; BCP training for senior executive first response teams
  • Drove integration of local IT operations with Group security governance including password compliance, access logging, and endpoint protection
2002 – 2015
IT Senior Technical Specialist
Nordea Bank S.A., Luxembourg
  • Joined Nordea to modernise its ageing NT4-based infrastructure - built the first Active Directory for the Isle of Man branch, followed by Luxembourg and Switzerland
  • Responsible for delivery of complete IT infrastructure in Singapore: datacenter, international links, DR colocation, servers, storage, and networking
  • Delivered the IT infrastructure layer for Nordea's new Temenos Core Banking platform, including all file-based system interfaces
  • Designed executive mobile workstation solution with full disk encryption, managed firewall/VPN, and endpoint protection
  • Procurement lifecycle ownership: vendor contact, technical spec review, price and contract negotiation, budgeting, and delivery planning
2000 – 2002
IT & Network Administrator
Credit Suisse Private Banking S.A., Luxembourg
  • Strengthened server and workstation security - defined system baselines and adherence procedures
  • Installed and managed two complex Veritas robotic backup systems for NT, Unix, and VMS environments
  • Delivered automation scripts to support helpdesk operations and resolved SoD issues during data migration
1997 – 2000
Senior IT Consultant
Merkantildata (DanaData), Denmark
  • Part of an elite team delivering Windows NT and Novell projects for major Danish clients
  • Outplaced to Kriminalforsorgen - designed and deployed a new standard workstation build (NT 4.0) to all locations in Denmark, with complete NT server infrastructure redesign
  • Pre-sales engagement, project delivery, and client training across the customer base
1996 – 1997
Senior Microsoft Consultant & Instructor
Servicegruppen for Dataudstyr, Denmark
  • On-site at A.P. Moller / Maersk Contractors for six months - second-level support and Windows NT workstation deployment
  • Established remote operations center for online customer support via router connections
  • Obtained MCSE and MCT certifications while delivering client projects
  • Part of the Y2K on-call initiative at Finanstilsynet
1993 – 1996
Head of Technical Support
Electronic Equipment Trading (EET), Denmark
  • Built and led a three-person technical support team for a storage, memory, and processor component distributor
  • Managed internal operations of five servers (NetWare, Notes, Navigator, BBS, Fax)
  • External technical support to major Danish resellers and their enterprise clients
Credentials

Certifications

CISSP
ISC2 · 2016
CCSP
ISC2 · 2021
CISM
ISACA · 2019
CISA
ISACA · 2021
CRISC
ISACA · 2019
COBIT 5
ISACA · Foundation & Implementation
MCSE
Microsoft · 1998
MCT
Microsoft · 1996
Education

Education

1991
Bachelor of Science in EngineeringCopenhagen University College of Engineering (Københavns Teknikum)
1993–95
Business Economy & Informatics / NetworkingNiels Brock Copenhagen Business College (Merkonom / Datanom)
1984
Mathematics / PhysicsBirkerød Gymnasium - High school degree
References

Selected Clients

Client confidentiality is respected. Current aviation engagement is undisclosed at client request.

Undisclosed Aviation Client
Aviation
Luxembourg - 2024 to present
Saab Danmark
Defence
Sønderborg, Denmark - 2023–2024
VELUX A/S
Manufacturing
Kolding, Denmark - 2022–2023
Bankdata
Financial Services
Fredericia, Denmark - 2020–2022
Qatar National Bank
Banking - Middle East
Doha, Qatar - 2019–2020
Nordea Bank S.A.
Banking / Wealth Management
Luxembourg - 2002–2019
Credit Suisse Private Banking
Private Banking
Luxembourg - 2000–2002
A.P. Moller / Maersk
Shipping / Logistics
Denmark - 1996–1997
Get in touch

Contact

Available for freelance engagements and advisory roles across Europe. Typically working embedded on-site or remotely from Denmark.

Email jorgen.bruun@qualsec.dk
Phone +45 3113 5015
LinkedIn linkedin.com/in/jorgen-bruun
Based in Horsens, Denmark
CVR 41520795